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Windows IT Pro 2008 Award Winners 


EDITORS' 

BEST 


Product of the Year 
VMware ESX Server 3.5 
VMware 

www.vmware.com 


Breakthrough Product 
Google Docs 
Google 

docs.google.com 


Special Achievement 

iPhone 

Apple 

www.apple.com 


Hardware Winners 
Gold: Barracuda Spam Firewall 
Barracuda Networks 
www.barracudanetworks.com 
Silver: Steelhead 

Riverbed Technology 
www.riverbed.com 


Bronze: HP ProLiant DL585 
HP 

www.hp.com 


Interoperability Winners 
Gold: Centrify DirectControl 
Centrify 

www.centrify.com 
Silver: Splunk 

Splunk 

www.splunk.com 
Bronze: Likewise Open Spring'08 
Likewise Software 
www.likewisesoftware.com 


Messaging Winners 
Gold: PostPath Server 
PostPath 

www.postpath.com 

Silver: 3CX Phone System for Windows 


3CX 
www.3cx.com 

Bronze: Unify Enterprise Edition 
Ensim 


www.ensim.com 


Mobile and Wireless Winners 
Gold: Zenprise 3.3 for BlackBerry 
Zenprise 

www.zenprise.com 
Silver: REDFLY Mobile 
Companion 
Celio Technology 
www/del iocorp.com 
Bronze: Amazon Kindle 
Amazon.com 


www.amazon.com 
Networking Winnei 


Gold: Engineer's Toolsi 
SolarWinds 
www.solarwinds.com 
silver: uoserver 


iset 






Network Instruments 
www.networkinstruments.com 
Bronze: OmniPeek 

Wild Packets 
www.wi Id packets.com 


Scripting Winners 

Gold: Admin Script Editor 
iTripoli 

www.adminscripteditor.com 

COMMUNITY 

CHOICE 

Light Database Tools 

Winner: Microsoft SQL Server 2005 
Express 

Microsoft 

www.microsoft.com 

Silver: PrimalScript 2007 

SAPIEN Technologies 
www.sapien.com 

Bronze: UltraEdit 

IDM Computer Solutions 
www.ultraedit.com 

Security Winners 

Gold: Astaro Security Gateway 

Astaro 

www.astaro.com 

Silver: Catbird V-Agent 

Catbird Networks 
www.catbird.com 

Silver: MySQL 5.0 

MySQL AB 
www.mysql.com 

Bronze: OmniAccess 3500 

Nonstop Laptop Guardian 

Alcatel-Lucent 

www.alcatel.com 

Bronze: Microsoft SQL Server 
Compact 3.5 

Microsoft 

www.microsoft.com 

Storage Winners 

Gold: RamSan-500 

Texas Memory Systems 
www.superssd.com 

Antispam Solution for Business 
Winner: McAfee Total Protection 
Service 

McAfee 

www.mcafee.com 

Silver: Dell tqualLogic PS5000E 

Dell EqualLogic 
www.dell.com/equallogic 

Bronze: E-Disk Altima ATA-133 

BiTMICRO 

www.bitmicro.com 

Silver: Perimeter Manager 

Enterprise Edition 

Postin i 

www.postini.com 

Bronze: Symantec Mail Security 

8200 Series 

Symantec 

www.symantec.com 

Disk Imaging Software 

Winner: Symantec Ghost 

Solution Suite 

Symantec 

www.symantec.com 

SharePoint Winners 

Gold: File Migrator for SharePoint 
Quest Software 
www.quest.com 

Silver: DocAve 4.5 Backup and 
Recovery for SharePoint 

AvePoint 

www.avepoint.com 

Bronze: Colligo Contributor Pro for 
SharePoint 

Colligo Networks 
www.colligo.com 

Silver: Acronis True Image Echo 
Workstation with Acronis 

Universal Restore 

Acronis 

www.acronis.com 

Bronze: Image for Windows 

TeraByte Unlimited 
www.tera byteu n 1 i m ited.com 

Backup and Recovery 

Appliances 

Winner: HP StorageWorks D2D 

Backup System 

HP 

www.hp.com 

Systems Management Winners 
Gold: Active Administrator 
ScriptLogic 
www.scriptlogic.com 

Silver: ActiveRoles Server 

Quest Software 
www.quest.com 

Bronze: AppManager 

NetlQ 

www.netiq.com 

Training and Certification Winners 
Gold: KSource Online Learning 
AppDev 

ww w.a ppdev.com 

Silver: SonicWALL Continuous 

Data Protection Series 

SonicWALL 

www.sonicwall.com 

Silver: MCSE Boot Camp 

Mountain View Systems 
www.mntview.com 

Bronze: StoreVsult S500 

NetApp 

www.storevault.com 

Bronze: MCSE 2003 Exam 

Preparation 

Transcender 

www.transcender.com 

Exchange Server Monitoring 

Tools 

Winner: Microsoft System Center 
Operations Manager 2007 

Microsoft 

www.microsoft.com 

Virtualization Winners 

Gold: Parallels Virtuozzo 

Containers 

Parallels 

^/ww.parallels.com 

Silver: PROMODAG Reports for 
Microsoft Exchange Server 
PROMODAG 
www.promodag.com 

Bronze: Quest MessageStats and 
Spotlight on Exchange 

Quest Software 
www.quest.com 

Silver: VMware IhinApp 

VMware 

Marathon Technologies 



Uninterruptible Power Supplies 
Winner: Smart-UPS XL Series 
American Power Conversion 
www.apc.com 
Silver: Smart-UPS SC Series 
American Power Conversion 


?s 


www.apc.com 

Bronze: Back-UPS RS Series 

American Power Conversion 


www.apc.com 

Laptop Synchronization Tools 
Winner: PCsync 
Laplink Software 
www.laplink.com 
Silver: Sync Logic 

IPWorx.com 


www. i p wo rx.com 
Bronze: Beyond Compare 
Scooter Software 
www.scootersoftware.com 


KVM over IP Switches 

Winner: OmniView SMB KVM-over-IP 

Switch F1DP116G 

Belkin International 

www.belkin.com 

Silver: OmniView Remote IP 

Device with Virtual Media FI DEI 01H 

Belkin International 

www.belkin.com 

Bronze: APC 16-Port IP KVM 

American Power Conversion 

www.apc.com 


BEST of 
•ED 


TECH 


Best Messaging Product 
OneServer Virtual Edition 


Best Business Intelligence 

Product 

OfficeWriter 


Best SharePoint Product 
DocAve Software Platform 


Best Hardware, Networking, or 
Storage Product 
Strangeloop WS1000 Web 
Services Accelerator 


Best Database 
Administration Product 
SQL diagnostic manager 

Best Productivity and 
Collaboration Product 
Colligo Contributor Pro for 
SharePoint 


Best Security Product 
ScanMail for Microsoft Exchange 

Best Virtualization Product 
VMware Infrastructure 3 


Best Systems Management and 

Operations Product 

Athena 


Breakthrough Product 
PowerGUI 


Attendees' Pick 
Replicator for SharePoint 










































































77 Percent 

of companies involved in legal or 
regulatory actions had email requested 
as part of the discovery process * 


75 Percent <£ 

of corporate intellectual property is 
sent through email messages and 
their attachments * 


DISCOVER • RECOVER • EXPORT 


DISCOVER: Create and reuse advanced queries to search a 
single data source or across multiple Backup Copies of 


Exchange Information Stores or Live Exchange Servers 


as well as PST’s and DigiVault data sets to find the required 
evidence within emails, attachments and meta-data. 


RECOVER: Use DigiScope’s intuitive Outlook interface to 
restore information via drag-&-drop to a specific location 
or select SingleTouch™ recovery to automatically restore 
mailboxes, folders, or individual items to original locations 
within the live Exchange Server. 


LIVE WEEKLY 
DEMOS * 


powered j 


EXPORT: Search results can be optionally de-duplicated 
and then exported to multiple formats including, XML, 
MSG, and PST’s with various options to support data 
migration as well as further review or legal analysis. 


Lucid8’s 


eDiscovery and Recovery for Microsoft® Exchange 


Copyright © 2008 Lutida* Ali rights reserved. All other trademarks are property of their respective owners. 


Source: Enterprise Strategy Group 


IF=l3E»MI«fEl 


• Demo version of DigiScope 

• White Papers 

• FRCP, E-mail Discovery & You 

• Essential Guide to E-discovery 
and Recovery 

Goto: 

www.Lucid8.com/WIPdiscover 


Call: 425 456-8496 


E-Mail: Sales@Lucid8.com 


00101010110 
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COVER STORY 


25 Windows IT Pro Editors' Best 

We identify the best products for Windows in 15 categories, including Product of the Year, 
Breakthrough Product, and Special Achievement. Start here to find products that will maximize the 
ROI of your IT infrastructure. 

BY THE WINDOWS IT PRO EDITORS 


FEATURES 


37 Windows IT Pro Community Choice 

Our readers have opinions about the best products, too, based on their 
experiences with using products day in and day out. Here are their 
picks in eight categories, including Exchange Server monitoring, laptop 
synchronization, and disk imaging. 

BY THE WINDOWS IT PRO EDITORS 


SOLUTIONS PLUS 

46 Making SoftGrid Apps Work 
On the Road 

Your users will be able to access all their SoftGrid 
applications even while on the road, when you 
combine SoftGrid client's new Offline mode with 
a technique to wrap your SoftGrid sequences as 
MSI files for deployment. 


43 Awards Recognize the Best of Tech*Ed 2008 
IT Professionals Conference 

For our seventh annual awards issue, our judges traveled to Orlando to take a close look at the 
finalists for Best ofTech*Ed and bring you the top third-party products. The envelope, please! 

BY THE WINDOWS IT PRO EDITORS 


BY JEREMY MOSKOWITZ 


50 Using the SoftGrid SMS Connector to Deliver a 
SoftGrid Application 


SOLUTIONS PLUS 

52 3 Steps to Troubleshooting 
Device Drivers 

If your applications are loading slowly or overall 
system performance is suffering, the culprit might 
be a kernel-mode device driver. Knowing how to 
recognize, diagnose, and solve driver performance 
problems can save you time and prevent 


INTERACT 


19 Reader to Reader 

Use Netsh to fix socket layer problems, plus tweak 
the registry to make taskbar buttons group when 
you want them to. 


frustration. 


BY STEVEN DAUGHERTY 


23 Ask the Experts 

Find out how to check AD database integrity, 
discover where SPNs are stored, and determine 
when a user last logged on. 


Access articles online a t www.windowsitpro.com. Enter the article ID (located at the end of each article) 
in the InstantDoc ID text box on the home page. 


























In a consolidated IT world, you need servers that run 
on legs of steel. So we gave Windows Server® 2008 
innovations, such as Failover Clustering and a Server 
Core installation option, that help isolate, resolve, and 
evade problems to deliver superhuman reliability. 


Meet the new Windows Server 2008 

at serverunleashed.com 









Introducing. 


Sunbelt h pi s ' 

Exchange Archiver 


Finally, Affordable Enterprise-Class Archiving 


Introducing Sunbelt Exchange Archiver. Sunbelt 

Exchange Archiver (SEA) is a robust new product which 
delivers real enterprise-class email archiving, at a price that 
won’t break your budget. Get comprehensive legal and 
regulatory compliance. Reduce your Exchange storage by 
up to 80 %. Securely store emails on your choice of media, 
using the built-in Hierarchical Storage 
Management. And, find archived emails 
rapidly with full-text search for e-discovery 
or compliance. 


Up to 80% smaller message store. With SEA, you’ll 
dramatically reduce your Exchange storage. The benefits are 
clear: faster backup times, better Exchange performance, 
and faster recovery. 


Compliance, e-Discovery, and legal 
readiness. If you need to archive emails 
for regulatory or legal reasons, SEA has 
you fully covered. Emails are stored in 
their original form, in whatever secure 
media you prefer, with complete flexibility 
on retention. Need to find an archived 
email? Simply use SEA’s powerful 
integrated full-text search of emails and 
attachments, and you’ll be ready at a 
moment’s notice for e-discovery or legal 
requests. 

Seamless end-user experience. SEA 

is fully transparent for your users, whether 
they’re running Outlook, OWA, Blackberry 
devices or even Entourage on the Mac - with 
no special client software needed. Trusted 
end users can be delegated granular authority 
with the included web-interface or optional Outlook 
add-in. They can do off-line synchronization, and search, 
edit, forward, move or delete archived emails. 


"Exchange performance 
is suffering. Your users 
complain about email 
storage. Your CEO wants 
legal compliance. 

Now what?" 


Journaling not required. It’s a fact that using the 

Exchange Journaling mailbox for archiving 
dramatically affects server performance. 
With SEA, Journaling is an option - the 
program’s breakthrough Direct Archiving 
feature stores all emails immediately after 
they are received, keeping load off the 
Exchange server. 



No more PST headaches! SEA gets 
rid of pesky PST files that are a major 
admin headache. SEA automatically finds 
them, imports them, and makes them part 
of your user’s archive. 

Great for disaster recovery. No 

matter where you email is stored, business 
continuity is assured with SEA. Using the 
included web client, users can continue to 
see and use their email even if Exchange is 
down. 

Archiving’s time has come for 
everyone. Contact us today and see how 
SEA solves your legal and compliance 
headaches and immediately improves the performance of 
Exchange - while saving critical budget dollars. 



Sunbelt Software 


Get a Free Quote and See How Cost-effective Sunbelt Exchange Archiver Really Is! 

Email sales@sunbeltsoftware.com or call 888-688-8457 


Sunbelt Software Tel: 1-888-688-8457 or 1-727-562-0101 Fax:1-727-562-5199 www.sunbeltsoftware.com sales@sunbeltsoftware.com 

© 2007-2008 Sunbelt Software. All rights reserved. Sunbelt Exchange Archiver is a trademark of Sunbelt Software. All trademarks used are owned by their respective owners. 
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FEATURES 

Use Cmd.exe's Start Command to 
Simplify Setup Automation 

Use the Start command and a batch file to simplify small- 
scale software deployment, prevent accidental omissions, 
and significantly reduce contact time. 

BY ALEX K. ANGELOPOULOS 


59 Deploy Exchange 2007 on a 
Single Server 

Exchange Server 2007 is designed to work on at least 
two physical servers, but you can set it up on just one 
by making configuration changes that enable the Hub 
Transport server role to handle Internet email and adding 
security to the Mailbox role. 

BY DAMIR DIZDAREVIC _ 

60 How Messages Move in a Multiserver Exchange 2007 
tnvironment 


OFFICE & SHAREPOINT PRO 

69 Gold Medal SharePoint 
Applications in Beijing 

As the NBC television Microsoft Technologies Consultant 
for the 2008 Beijing Olympics, Dan Holme used Microsoft 
SharePoint Technologies to solve many of the operations 
management tasks. 

BY DAN HOLME 


PRODUCTS 

WHAT’S HOT 

Readers Review Hot Products 

Readers highlight their favorite products from Idera, Kerio 
Technologies, and Denis Bauer. 

BY JEFF JAMES 





FORSTER I IT PRO PERSPECTIVE 

Recognizing Microsoft's 
Fading Generation of Products 

Karen acknowledges Server 2008, DPM 2007, 
and SCVMM 2008 for receiving Editors'Best 
awards and examines Microsoft's perspective on 
virtualization as it relates to a new generation of 
Web-integrated IT. 


THURROTT I NEED TO KNOW 

Apple iPhone Enterprise 
Features and Apple iPhone 3G 

The iPhone Software Update 2.0 offers Microsoft 
Exchange ActiveSync (EAS) technologies, which 
is good news for enterprise users; plus, is iPhone 
3G's mobile wireless network compatibility worth 
the cost? 


MINASI I WINDOWS POWER TOOLS 

Server Core from Afar 

Let's continue our ongoing Server Core 
configuration effort by setting up remote 
administration.The potent combination of 
WinRM and Winrs makes it possible. 


OTEY I TOP 10 

14 Hyper-V FAQs 

Michael helps you evaluate Hyper-V's 
requirements, such as how you upgrade or 
migrate from other VMs, and shows you some 
differences between Hyper-V, Virtual Server 2005, 
and VMware's ESX Server. 




9 letters@windowsttpro.com 
10 Your Savvy Assistant 

8. Directory of Services 
8/ Advertising Index 

8/ Vendor Directory 

88 Ctrl+Alt+Del 
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AutoMate BPA Server 7 gives IT guys more 
free time to embrace their inner geek. 



Download your free GD-day trial at bpaserver7.com or call 888-78G-479G. 

























IT PRO PERSPECTIVE 


Forster 


"The 2008 wave of Microsoft products is 
opening the door for the new 
generation ofWeb-integrated IT." 



Recognizing Microsoft's Fading Generation of Products 

Ushering in an era of "logicalization" 


M icrosoft's new product releases in the past year 
have been numerous and significant. In many 
ways these products are revolutionizing IT. But 
even as I acknowledge the Microsoft products 
receiving our Editors' Best award this year, I 
can't shake the feeling that these releases are 
approaching the last hurrah of a fading generation of technology. So 
first, let me congratulate this year's winners. Then let's consider the 
oncoming generation and where it's taking Microsoft and IT. 

Gold 

Windows Server 2008 brought virtualization into the IT mainstream, 
created new competitive possibilities with Server Core, and simplified 
deployment with the concept of server roles. The product's technical 
achievements, its grounding in customer feedback, plus its timely and 
drama-free release earn this year's gold award for Server 2008. 

Asked to comment on the award, Bill Laing (general manager, 
Windows Server Division) said, "Windows Server 2008 is Microsoft's 
most customer-focused server release to date; this is evident in how 
the server is configured and managed by role through the Windows 
Server Manager utility. Windows Server 2008, built with Web and 
virtualization technologies, enables you to increase the reliability 
and flexibility of your server infrastructure." 

Silver and Bronze 

The silver award for Microsoft products goes to System Center Data 
Protection Manager (DPM) 2007. Native backup and restore capa¬ 
bility was never a strength of Microsoft products until DPM arrived 
a few years back. But DPM's initial versions protected only the OS. 
With DPM 2007, Microsoft extended disk-to-disk-to-tape backup to 
products that were crying out for such a solution: Exchange Server, 
Microsoft Office SharePoint Server (MOSS) 2007, and SQL Server. 
This award recognizes Microsoft for providing much-needed and 
eagerly awaited functionality. 

System Center Virtual Machine Manager (SCVMM) 2008, with 
its support for Hyper-V and heterogeneous management of virtual 
and physical environments, has not yet been released. But SCVMM 
2007 changed the competitive game in the virtualization arena 
by focusing Microsoft's value proposition on managing a mixed 
physical and virtual environment "from a single pane." The strategy 
behind SCVMM and the importance of management in a virtualized 
environment make SCVMM the bronze award winner this year. 


The Next Generation 

The 2008 product generation takes virtualization into the main¬ 
stream of Microsoft-based IT and is changing the way IT works. But 
the idea of virtualization is steadily expanding as a way of thinking 
beyond on-premise IT. Microsoft is now seeing virtualization as a 
broader concept that encompasses cloud computing, Web services, 
Software as a Service (SaaS), Software + Services (S+S), and Service- 
Oriented Architecture (SOA). 

In this view, "virtualization" becomes "logicalization" of technol¬ 
ogy. As Bob Kelly (Microsoft vice president, Infrastructure Server 
Marketing) recently told me, "Virtualization is a way of making 
logical a bunch of physical stuff. The more that IT becomes logical, 
the much more quickly they'll be able to respond to business needs. 
Logicalization is not just about compute or storage. It's also in fact 
about applications—not just like Softricity style, but even SOA. 
Service orientation is really an isolation. Web services is just a vir¬ 
tualized service. It's isolated. The more IT gets on this road to mak¬ 
ing their infrastructure, their applications, and their environment 
logical, the faster they'll be able to consume this innovation and the 
more quickly they'll be able to respond to business needs. There's 
nothing like being able to stand up a new server environment with 
the press of a button because you have increased demand. That's 
what logicalization of IT means." 

When Microsoft jumps on an idea, that idea spreads and grows 
wildly. So just as you're getting used to the various possibilities for 
and layers of virtualization, Microsoft is taking the idea of virtualiza¬ 
tion much further. By distilling "virtualization" down to its essence 
as "isolation" of physical hardware, OSs, and applications, Microsoft 
created a paradigm for understanding that cloud-based approaches 
are also essentially about "isolation." 

This perspective on virtualization means that the 2008 wave of 
Microsoft products is opening the door for the new generation of 
Web-integrated IT. Early explorations of the idea of logicalization 
of IT include Microsoft Live Mesh and SQL Server Data Services. In 
the future, the industry might look back on Hyper-V and its approach 
to virtualization as quaint. But it just might also be seen as the grand- 
daddy of an entirely different type of IT. ^ 

InstantDoc ID 99476 


KAREN FORSTER (karen@windowsitpro.com) is editorial and strategy 
director for Windows IT Pro and SQL Server Magazine and former director 
of Windows Server User Assistance at Microsoft. 
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LETTERSOWINDOWSITPRO.COM 


PowerShell and Property Value 

In "PowerShell 101, Lesson 3" (April 2008, 
InstantDoc I D 98177) , the command 

get-process | 

where {($_.handles -gt 100) 

-and -not ($_.company -eq 
“Microsoft Corporation”)} 

is supposed to return all non-Microsoft 
processes. But three of the listed pro¬ 
cess names (i.e., CSRSS, SYSTEM, and 
WINLOGON) look a little out of place. 
When I use PowerShell to query them 
for their Company property value, 
all three return nothing. Microsoft 
obtained the CSRSS process from Citrix 
a few years ago, so the recoding is most 
likely an oversight. But I'm still wonder¬ 
ing about the SYSTEM and WINLOGON 
processes. 

—Mike Piontkowski 

You bring up an impor¬ 
tant concern. You're get¬ 
ting these results because 
the Company property 
value is null for those 
processes. (PowerShell is 
indifferent to ownership 
history and cares only about the property 
value itself!) You can write your code to take 
this fact into account, as in: 

get-process | 

where {($_.handles -gt 100) 

-and -not ($_.company -eq 
“Microsoft Corporation” -or 
$_.company -eq $null)} 

Now, only processes whose Company value 
isn't Microsoft Corporation (or isn't null) are 
returned. 

The problem with this approach is that 
it assumes that only Microsoft uses null for 
the company name, so you must determine 
how you want to handle such situations. 
Whenever you're using properties to create 
these Boolean expressions, be aware of the 
possible values for those properties. Write 
your expressions accordingly, and take into 
account the possibility of null values. 

—Robert Sheldon 


DNS Wisdom 

I read the IT Pro Hero story, "Tried-and-True 
DNS Wisdom" by Caroline Marwitz (April 
2008, InstantDoc I D 98330) . In the sidebar, 

"A Sysadmin's DNS Best Practices," Apostolos 
Fotakelis writes, "Get rid of NetBIOS over TCP 
and WINS." Every time I've ever attempted 
to do that, I've lost mapped drives and have 
been unable to connect to any servers. What 
am I doing wrong? Also, if I disable NetBIOS 
over TCP from the Local Area Connection 
window, will it affect my WatchGuard VPN? 

—Tony Sergi 

Actually, in my article, I was referring to dis¬ 
abling NetBIOS over TCP via the Local Area 
Connection window. Disabling NetBIOS 
from Device Manager is a more drastic, prob¬ 
lematic procedure that requires a reboot. 
Unfortunately, I have no experience with the 
WatchGuard VPN. However, disabling NetBIOS 
over TCP shouldn't have any side effects on 
firewalls or VPN connections. That being said, 
you should always be aware of potential con¬ 
sequences. (See the article "How can I configure 
TCP/IP networking while NetBIOS is disabled in 
Windows 2000/XP/2003?" at www.petri.co.il/ 
disable_netbios_in_w2k_xp_2003.htm for mor e 

information.) And, of course, be sure to test the 
change before effecting it in your environment. 

—Apostolos Fotakelis 

PC vs. Mac 

I loved Mark Minasi's Web-exclusive "No XP? 
Say It Ain't So, Ray!" (www.windowsitpro.com, 
InstantDoc I D 99284) . I, too, am a big fan of 
XP, and I haven't found Microsoft Vista all 
that interesting. I did make the choice Mark 
talks about. When it was time to replace my 
Dell laptop (which was happily running XP), I 
went for a shiny MacBook Pro running Tiger 
(now Leopard). I have to say, I like my new 
computer so much that I plan to replace my 
five-year-old HP desktop system (happily 


running XP) with a new iMac running— 
yep—Leopard! And courtesy of VMware 
Fusion, I'll pull the HP system's XP installation 
so that I can still run XP in its own little virtual 
machine (VM) on the iMac. XP is a beautiful 
thing, and forcing people to upgrade will 
only help Microsoft's competitors! 

—Dan York 

Server Core Commando 

I just read Mark Minasi's Windows Power 
Tools column, "Go Commando with Win¬ 
dows Server 2008's Server Core" (June 2008, 
InstantDoc I D 98715) . At the end of the arti¬ 
cle, Mark states that the only option for add¬ 
ing the DNS suffix from the command line is 
to modify the registry. However, you can also 
use the Windows Management Instrumenta¬ 
tion Command Line (WMIC). First, find the 
adapter you want: 

wmic nicconfig list 

Next, add the DNS suffix. If the adapter's 
index is 1, you'd type something like 

wmic nicconfig 1 call setdnsdomain 
bigfirm.com 

You can even perform this procedure 
remotely, as follows: 

wmic /node:Serverl nicconfig 1 call 
setdnsdomain bigfirm.com 

When Server Core gets PowerShell support, 
you'll be able to use 

Get-Wmi Object Wi n32_Networl<Adapter 
Configuration -ComputerName 
Serverl | 

Where-Object{$_.IPEnabled -eq “TRUE”} 

The object returned by this statement 
(System.Management.ManagementObject) 
supports the SetDNSDomain method. ^ 
—Aleksandar Nikolic 

InstantDoc ID 99544 



We misspelled the name of the company VMware on the cover of our 
July issue. We regret the error and any confusion it may have caused. 
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Data Protection & Recovery 
Gone Stale 


Humphries 

The missing link 
to IT resources 



What happens after your Exchange 
Server's hard drive array fails and 
you get a call from your company's 
president wanting to know where 
his email about a pending acquisi¬ 
tion is? All he can see is his email 
from yesterday, and the 3:00 p.m. 
deadline is now less than 20 minutes 
away. Learn about continuous data 
protection (CDP), Exchange 2007's lo¬ 
cal continuous replication and cluster 
continuous replication features, and 
other more robust options available 
from third parties. Download this 
white paper today—or you might be 
asking your boss "How much data loss 
is acceptable?" 

www.windowsitpro.com/qo/wp/Lucid8/CDP 

The Impact of Messaging and 
Web Threats 


A New Era of 
Information Delivery 

This free, all-inclusive tool will enhance your 
e-newsletters and keep you sane 


Message- and Web-based threats, as 
well as internal threats, are increas¬ 
ing in number and severity. Read this 
Osterman Research white paper to 
learn why a layered, defensive strat¬ 
egy is necessary to protect 
against all types of 
threats. 

www.windowsitpro.com/ 
go/sunbeltwp 



The Business 
Case for 

Disaster Recovery 
Planning 
and Budgeting 

Download this Webinar to learn 
how a disaster can impact your orga¬ 
nization and how to make a business 
case for an effective disaster recovery 
plan that company management will 
understand. Register now for a brief 
introduction to some of the cost- 
effective solutions that are available 
to address your DR needs and to get 
some tips on preparing a disaster 
recovery plan. 
www.windowsitpro.com/go/xosoftws 


W hen I started working 
for Windows IT Pro, 

I had never heard of 
"e-newsletters"—or 
"UPDATEs" as we 
like to call them. 

Fortunately for me—and those who hired 
me—it didn't take me long to put the 
"e" and the "newsletter" parts together. 
However, putting the e-newsletter content 
together was a whole different story. Back 
then, our company had an excuse of a tool 
that was more for launching than creating 
e-newsletters—and it didn't even launch 
them all that well. I dreaded that day 
every month when I had to build a new 
issue and I could look forward to 
leaving the office cross-eyed from 
prolonged staring at my com¬ 
puter screen and dizzy from typ¬ 
ing and testing HTML. I pitied 
the editors in charge of weekly 
and even (gasp!) daily UPDATES. 
But now, a new day—and a new 
way—has come: the eNews Generator. 
The eNews Generator is a free HTML 
and text e-newsletter builder for user- 
group leaders (or really, for anyone who 
needs to create content for email). The 
tool lets you combine your own messages 
and updates with more than 26,000 arti¬ 
cles from Windows IT Pro and SQL Server 
Magazine, as well as all the Exchange and 
Outlook, scripting, security, and other 
articles that we publish exclusively on the 
Web; Paul Thurrott's Winlnfo; Connected 
Home Express; and JSIFAQ. You can use 
our prebuilt templates, or send us your 


favorite template and we'll incorporate it 
for you. The best part is that registering 
for the tool automatically signs you up for 
free, VIP-level access to all our online arti¬ 
cles, and your e-newsletter readers don't 
have to be signed on or even members of 
our Web sites to read the articles! That's a 
huge bonus, if you ask me. 


let me know how e-newsletters and user 
groups fit into your career. ^ 

InstantDoc ID 99156 


—(^newsgenerator 


To learn more about the tool, go 
t o usergroup.windowsitpro.com/ 
generator, where you can read FAQs, 
view sample e-newsletters, and watch 
a screencast in which our online 
community manager, Chris Sigfrids, 
walks you through registering and creat¬ 
ing your first issue. (Despite Chris's 
abnormally loud mouse clicking, the 
screencast is incredibly helpful.) Chris 
even gives his contact information for 
those who might need further assis¬ 
tance—a great personal touch. (That is 
not sarcasm.) Take a moment to watch it, 
and make sure to call him and ask if his 
refrigerator is running. (Neither is that.) 

If you want to know more about how 
this tool can benefit you (and Chris has 
blocked you from making any more prank 
phone calls), you can send me a message 
and we'll get you started. Contact me at 
christan.humphries@penton.com and 
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NEED TO KNOW 


Thurrott 

"Apple took the unexpected 
step of licensing Microsoft 
Exchange ActiveSync." 



Apple iPhone Enterprise Features and Apple iPhone 3G 


W hen the original Apple iPhone appeared in June 
2007, it was accompanied by a level of hype that 
was almost unprecedented in the consumer 
electronics space. The hype was all the more 
impressive when you remember that this first 
iPhone lacked so many crucial features—for both 
consumers and business users alike—and was hobbled by AT&T's 
lackluster EDGE data network. Over time, Apple began addressing 
many of these limitations, and in July 2008 the company shipped 
iPhone Software Update 2.0, which, among other things, adds key 
functionality for the enterprise, including full support for Microsoft 
Exchange Server. Here's what you need to know about iPhone enter¬ 
prise features. 

It's All About Exchange 

Although Apple isn't particularly well-regarded in the enterprise, 
knowledge and mobile workers in businesses large and small are as 
taken with Apple's innovative smart phones as are consumers. And 
they've been asking companies in droves to let them use the iPhone. 
The problem is, when the iPhone first shipped last year, it offered no 
direct support for Exchange, the de facto messaging solution at most 
businesses. (Apple's half-hearted response at the time—enabling 
IMAP support—was met with stunned silence.) 

To address this need—and, frankly, to dramatically grow iPhone 
sales—Apple took the unexpected step of licensing Microsoft Exchange 
ActiveSync (EAS) technologies. Beginning with Software Update 2.0, 
iPhone customers will be able to access push email, push calendaring, 
push contacts, and global address lists (GALs) via Exchange. 

But Wait, There's More 

Apple isn't just adopting Exchange. It's also providing enterprise- 
oriented features in Software Update 2.0, including VPN support 
(specifically only Cisco IPsec VPN), certificates and identities (two- 
factor authentication), enterprise-class Wi-Fi (WPA 2 Enterprise, 
802. lx), enforceable security policies (such as mandating the use of 
PINs on the iPhone), centralized device configuration, and remote 
wipe (so that a stolen or lost iPhone can be erased to remove any 
personal or corporate data on the device). These features might not 
seem particularly leading edge to anyone well-versed in enterprise 
mobility, but remember this is Apple we're talking about here. That 
this company is willing to go to these lengths to make the iPhone 
roundly successful is amazing. 

Apple is implementing this enterprise functionality using the latest 
Microsoft-oriented techniques, and it will all work with the existing 
Mail, Phone/Contacts, and Calendar applications already built into 


the iPhone; you won't need separate applications. (On a related note, 
Apple is also building Exchange client support in Mac OS X 10.6, code- 
named Snow Leopard, now due in mid-2009.) 

Enterprise Application Deployment 

When Apple first announced Software Update 2.0 back in March 2008, 
one of the big questions was how enterprises would deploy their own 
custom applications. The company responded to this need by pro¬ 
viding a way for enterprises to distribute apps themselves. Basically, 
enterprises can authorize iPhones, then create applications that run 
only on those phones. They will distribute those applications on their 
own intranet, using any security they like, according to Apple CEO 
Steve Jobs. Users will download those apps onto their computer and 
sync them to the phone through iTunes. That last bit may cause some 
nervous glances: I have a hard time imagining enterprises rolling out 
iTunes to their users. 

Apple also announced a third, ad hoc form of iPhone application 
distribution. This style of application distribution should be particu¬ 
larly interesting to educational institutions, which might need to email 
iPhone applications to classrooms of users or other large groups, 
although Apple didn't provide many details. There are limits to ad 
hoc app distribution—each entity, which could be a classroom, for 
example, syncs with only 100 phones—but it does appear to meet a 
need that's somewhere between what consumers want and the more 
stringent needs of enterprises. 

Availability and Pricing 

Software Update 2.0 will come with iPhone 3G devices and will be 
made available for free to users of original iPhones. Interestingly, this 
software will also be made available for the iPod touch, Apple's touch 
screen (and iPhone-like) portable device, which could turn this iPod 
into an interesting mini mobile tablet. However, iPod touch owners 
will have to pay $9.99 for the upgrade. 

Unfortunately, users who access the enterprise-oriented features 
of the iPhone or iPhone 3G—by, for example, accessing Exchange 
resources—will immediately find themselves in a monthly plan that's 
more costly than that offered to consumers via Apple's cellular carrier 
partners (AT&T in the United States, other partners worldwide). Busi¬ 
ness customers will have to pay an additional $15 a month over the 
cost accrued by consumers, or a minimum of $95 a month after all fees 
and taxes. That's exorbitant, even by the data plan standards of today. 
It's unclear if AT&T will offer better international pricing, another weak 
spot with the original iPhone. (Note, too, that iPhone 3G data plans are 
already more expensive than those of the original iPhone, so adding 
enterprise functionality will be even more expensive.) 
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■ NEED TO KNOW 


Recommendations 

Given its price—free—Software Update 2.0 is 
a no-brainer for all iPhone users. That said, 
the iPhone's heady set of enterprise func¬ 
tionality comes at quite a cost. Whether the 
cachet and functionality of the iPhone will 
overcome cost fears remains to be seen, but 
I will say this: The iPhone is in a league of its 
own and is a far nicer device than any RIM 
BlackBerry or Windows Mobile smartphone. 
It's worth at least examining. If the lack of 
Exchange support was your only barrier to 
iPhone adoption previously, iPhone Software 
Update 2.0 removes this problem. 

InstantDoc I D 99524 

iPhone 3G 

B y the time you read this, Apple will 
have released its second-generation 
smart phone, the iPhone 3G. This 
new iPhone hardware offers some important 
improvements over its predecessor. But the 
iPhone 3G also offers some hidden caveats 
that could obviate its most important ben¬ 
efits. Here's what you need to know about 
the iPhone 3G. 

What's Old Is New 

From a form-factor perspective, the iPhone 
3G is almost identical to its predecessor. 
It's actually a hair thicker, but thanks to its 
tapered back, it appears thinner and fits 
better in the hand. The metal back from the 
original device has been replaced by a black 
(or, alternatively, white) plastic back. Mean¬ 
while, the few side-mounted buttons on the 
device are now metal; they were plastic on 
the original. 

Aside from that, the device's processor, 
camera, and display are unchanged. Battery 
life is expected to be comparable to the origi¬ 
nal, meaning it should be excellent. 

That's 3G as in Wireless 

The “3G" in the iPhone 3G's name refers 
to the fact that this device finally works 
with modern third-generation (3G) mobile 
wireless networks. (The iPhone 3G itself is 
a second-generation iPhone.) The original 
iPhone worked only with so-called 2.5G 
networks such as AT&T EDGE, a network 
whose performance and availability is so 
infamously poor that it's widely referred to as 
the iPhone's Achilles Heel. 
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AT&T's 3G wireless net¬ 
work, however, fares much bet¬ 
ter, and testing has found it to 
be faster than competing 3G 
wireless networks from carri¬ 
ers such as Verizon. That said, 

AT&T 3G is available in very few 
markets—major cities such as 
New York and San Francisco are 
well covered, but move outside 
these areas and your results will 
vary widely. For this reason, the 
iPhone 3G will also fail back to 
EDGE if AT&T's 3G network can't be found. 
(Like its predecessor, the iPhone 3G is also 
compatible with Wi-Fi-based wireless net¬ 
works as well. Note that 3G, like Wi-Fi, is only 
used for Internet services and doesn't affect 
voice calls.) 

Its 3G coverage aside, the iPhone comes 
with one other competitive disadvantage: It 
can't be tethered to a mobile PC and used 
as a wireless modem. And the iPhone 3G 
incurs a more expensive data plan than does 
the original iPhone, thanks to its faster net¬ 
working and an assumption that iPhone 3G 
customers will be heavier data users. 

True GPS 

A glaring omission in the original iPhone was 
its lack of GPS functionality, due to the lack of 
a GPS hardware chipset. Apple partially made 
up for this omission in the original device with 
a software update that used Wi-Fi access point 
or cellular tower triangulation to estimate 
location, and though better than nothing, it 
offered nowhere near the accuracy of true 
GPS. The iPhone 3G dispenses with this 
software trickery by offering GPS hardware 
that integrates with the phone's Google Maps 
application for highly accurate tracking. 

Availability and Pricing 

Although the original iPhone was available 
in only six countries, the iPhone 3G will ship 
to a much larger audience. Apple says that it 
will ship in 25 countries at launch and will 
be available in up to 70 countries by the end 
of2008. 

Pricing is a controversial area. While the 
original iPhone debuted at ungodly prices 
($499 and $599 for the two original models) 
and carried steep monthly packages because 
of its data plan requirement, the iPhone 3G 
comes with a more traditional buying model. 
For individuals, the iPhone 3G will sell in 


two versions, one with 8GB 
of flash storage for $199 and a 
16GB model that will retail for 
$299. (These prices are for the 
United States only; Apple says 
they represent the maximum 
pricing we'll see worldwide.) 

If that sounds like a 
huge price cut, hold on to your 
calculator: AT&T and Apple's 
other worldwide wireless car¬ 
riers are now subsidizing the 
cost of the device, so monthly 
charges are going up—way up in some cases. 
The base monthly fee for an iPhone 3G is $10 
higher than it was for the original device—or 
about $80 a month after fees and taxes. Put 
another way, over the course of a two-year 
contract, the iPhone will cost at least $40 more 
than its predecessor. And that price doesn't 
include Short Message Service (SMS) mes¬ 
saging anymore, a feature that will incur addi¬ 
tional fees. The low-end SMS package will 
add another $5 a month. So if you use SMS, 
the iPhone 3G is at least $160 more expensive 
than its predecessor, over two years. Business 
customers—that is, those who wish to use the 
iPhone 3G to access Exchange Server-based 
email, contacts, and scheduling—will pay 
even more. 

Recommendations 

If you already have an original iPhone, 
upgrade to iPhone 3G only if you're sure 
you're going to get good coverage by AT&T's 
3G network. Otherwise, you might want to 
hold off: The original iPhone will offer iden¬ 
tical performance on AT&T's EDGE network 
and can be upgraded for free to utilize the 
same system software as the iPhone 3G (and 
access business features such as Exchange). 
If you live in a major city, or are sure that 
you can get AT&T 3G, the extra cost of the 
iPhone 3G might be warranted. AT&T 3G 
performance is excellent, and you're going 
to want it to take advantage of Apple's iPhone 
App Store and to keep your Exchange data 
synchronized efficiently. ^ 
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WINDOWS POWER TOOLS 


Minasi 

"Although Winrs is a remote-control tool, 
it doesn't require that you open any of the Five 
Ports of Peril—TCP 135,139, and 445 
and UDP 137 and 138." 



Server Core from Afar 

Use WinRM and Winrs to set up remote Server Core administration 


I n this column's continuing effort to configure Windows Server 
2008's GUI-less incarnation, Server Core, we've named the 
server, given it a DNS suffix, assigned static IP values, enabled 
Automatic Updates, and worked with Ocsetup and Odist- 
tools that let you add or remove server modules such as DNS 
and DHCP. Now, let's set up remote Server Core administration 
by taking the nifty, new remote-access tool Winrs for a spin. 

A Better Alternative 

When I set up Server Core systems for clients, they always want to 
know how to enable Remote Desktop. My answer is always, "Wait! 
There's a better alternative!" Server Core can't run 95 percent of 
GUI-based applications, so there's no need to enable Remote Desk¬ 
top, particularly when Server 2008 and Windows Vista share a new 
secure remote command shell—that is, the Winrs command. 

I like Winrs because although it's a remote-control tool, it doesn't 
require that you open any of the Five Ports of Peril—TCP 135, 139, 
and 445 and UDP 137 and 138. Winrs runs atop TCP port 80; it essen¬ 
tially runs on HTTP or, more exactly, HTTPS traffic. To do so, Winrs 
takes advantage of the relatively new Windows Remote Manage¬ 
ment (WinRM) protocol that's built into Server 2008 and Vista. You 
enable WinRM by typing (from an elevated command prompt) 

winrm quickconfig -quiet 

Run that command on both the host and client machines—you need 
only do it once. 

WinRM won't let Winrs communicate with any hosts except the 
ones it trusts. WinRM trusts all fellow members of an Active Direc¬ 
tory (AD) forest, but a WinRM client won't talk to another system in a 
workgroup unless you give the client the OK by issuing the command 

winrm set winrm/config/client @{TrustedHosts=”<list>”} 

where list is either a comma-delimited list of DNS names or IP 
addresses of trusted systems, or an asterisk to denote "trust every 
host." For example, to trust the system at 192.168.1.7 and the system 
named ace.bigfirm.com, you'd type 

winrm set winrm/config/client @ 

{T rustedHosts=”192 .168 .1.7,ace.bigfirm.com”} 

You must type the TrustedHosts command on the client, not 
the server. Thus, if I wanted to use Winrs to control a Server Core 
system from a Vista system, all I'd have to do is enable WinRM on 


both systems, then execute a TrustedHosts command on the Vista 
machine, and I wouldn't have to execute one on the Server Core 
system. That seems a bit backward to me! In fact, given that Winrs 
requires NTLM, Kerberos, or certificate-based logons by default, it 
already boasts plenty of security, and you're probably safe by simply 
typing the following command at the client: 

winrm set winrm/config/client @{TrustedHosts=”*”} 

Putting It to Work 

To find out your system's current list of trusted hosts, you'd type 
winrm get winrm/config/client 

Assuming that your client system trusts the remote Server Core 
system and that both systems have run winrm quickconfig (or the 
Group Policy equivalent), you'd then type 

winrs -r:<remotesystemnameoraddress> [-u:<username>] <command> 

If you're remotely controlling a system in the same forest and 
need to use a different account than the one you're logged in as, or 
if you're remotely controlling another system in a workgroup, you'd 
use that -u parameter. For example, to tell a system named scl 
.bigfirm.com to run an IPconfig command where scl.bigfirm.com 
has an administrative account named administrator, you'd type 

winrs -r:scl.bigfirm.com -u:administrator ipconfig 

Winrs would then prompt you for the password for the administrator 
account, and you'd get the output of an IPconfig command run on 
scl.bigfirm.com. If you need to run several commands instead of just 
one—a likely scenario on Server Core—you'd be better off typing 

winrs -r:scl.bigfirm.com -u:administrator cmd 

On my Vista desktop, Winrs is useful as a command prompt 
that I can open at any time and type an administrative command 
to the Server Core system. I think WinRM and Winrs add up to a far 
superior remote-command solution for Server Core than Remote 
Desktop (unless you're attempting remote control from Windows 
XP, which doesn't offer Winrs). Give it a try! ^ 
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TOP 10 



Otey 

"Comparisons of Hyper-V to Microsoft 
Virtual Server and VMware's ESX Server 
always stir up a lot of confusion." 


Hyper-V FAQs 

Eliminate virtualization confusion about scalability, migration, and other topics 


H yper-V is Microsoft's newest entry into the enterprise 
virtualization arena. It's the successor to Microsoft 
Virtual Server 2005 R2. Comparisons of Hyper-V to 
Virtual Server and VMware's ESX Server always stir 
up a lot of confusion. To help eliminate some of that 
confusion, here are 10 of the most frequently asked 
questions about Hyper-V. 

“■X Does Hyper-V run on top of Windows Server just like Virtual 
) Server 2005 does? —No. Virtual Server 2005 is a hosted virtu¬ 
alization product, so the virtualization support is provided in a 
software layer run by the host OS. Hyper-V uses a hypervisor-based 
architecture that runs directly on the system hardware: There's no 
intervening host OS. 


O Are Hyper-V and ESX Server essentially the same? —No. 

Both products are hypervisor-based, but the implementa¬ 
tion is quite different. ESX Server device drivers are part of the 
hypervisor itself. Hyper-V uses a microkernel implementation with 
no device drivers in the hypervisor: They're in the parent partition. 

O How do I migrate Virtual Server 2005 VMs to Hyper-V?— 

Uninstall Virtual Machine Additions from the VM you want 
to migrate. Next, move the Virtual Hard Disk (VHD) image to 
a location accessible by the Hyper-V Manager and build a VM that's 
comparably configured. Finally, when prompted to create a new 
virtual drive, select the existing Virtual Server 2005 R2 VHD file. 
However, you'll be prompted to reactivate because Windows will 
detect a massive hardware change. 


O Can I upgrade to Server 2008 and get Hyper-V? —In most 
cases, you won't be able to upgrade older servers to take 
advantage of Hyper-V. Hyper-V requires an x64 processor with 
hardware-assisted virtualization capabilities (i.e., Intel's Intel-VT or 
AMD's AMD-V). Systems more than a year or two old aren't likely 
to have such processors. 

O Does Hyper-V support non-Windows OSs as guests? —Yes. In 
addition to Windows OSs, Hyper-V will support all Xen-enabled 
Linux distributions as first class virtual machines (VMs). You 
can find a list of the supported Hyper-V guest OSs at www.microsoft 
.com/windowsserver2008/en/us/hyperv-supported-guest-os.aspx. 


O Does Microsoft's licensing for running a virtual environ¬ 
ment under Server 2008 Enterprise Edition and Datacenter 
Edition apply only to Hyper-V?— No. This licensing applies no 
matter what virtualization product is used, including VMware's ESX 
Server. Microsoft allows up to four active VMs under Server 2008 
Enterprise Edition and an unlimited number of active VMs with 
Server 2008 Datacenter Edition. 

O Is Hyper-V more scalable than Virtual Server 2005 R2?— Yes. 
Hyper-V runs on 64-bit hardware and it supports virtualization 
hosts with up to 2TB of RAM and VMs with up to 64GB of RAM. 
This is far above Virtual Server 2005 R2's limit of 3.6GB of RAM per 
VM. In addition, Hyper-V supports VMs with up to four virtual CPUs; 
Virtual Server 2005 R2 is limited to single-processor VMs. 


O Does Hyper-V have tools to convert VMware VMs to Hyper-V 
VMs? —No. Microsoft's Virtual Server Migration Toolkit 
requires Automated Deployment Services, making it too dif¬ 
ficult to use. Microsoft's System Center for Virtual Machine Manager 
converts VMware VMs to VHD image format, but it isn't free. You can 
find free and commercial third-party tools as well. 

O Is Virtual Machine Additions required with Hyper-V? —In 

Virtual Server 2005, Virtual Machine Additions moved part 
of the VM processor into the host kernel. Hyper-V's use of 
hardware-assisted virtualization makes that unnecessary. After the 
guest VM has been installed, you can optionally install integration 
components that add functions such as a data exchange service. For 
Windows Server 2003, integration components are necessary to get 
device drivers for Hyper-V's synthetic devices. 

O How do I get the final release version of Hyper-V? —The 

version of Hyper-V that shipped with Server 2008 was pre¬ 
release code. The final release of Hyper-V will be distributed 
from Microsoft via Windows Server Update Services. VMs created 
under the Hyper-V beta will need to be rebuilt, but VMs created 
using the release candidate should be compatible. ^ 

InstantDoc ID 99440 


MICHAEL OTEY (mikeo@windowsitpro.com) is technical director for Win¬ 
dows IT Pro and SQL Server Magazine and author of Microsoft SQL Server 
2008 New Features (Osborne/McGraw-Hill). 
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Tired of Nursing 
Your Exchange 
Server? 


j^nyone who has given birth to an Exchange 
network knows it can get sick and needs 
some nursing to stay healthy In fact, 72% 
of Exchange Administrators surveyed* have 
“experienced” an Exchange disaster (feels 
like the flu)—usually from improper feeding 
and care. 


Prevent Hiccups 

GOexchange removes errors, warnings and 
inconsistencies within the database—before 
major corruption makes the database fail. 

“GOexchange corrected 2,264 errors 
and 26 warnings. 99 


Like many databases, constant adding and 
deleting can corrupt an Exchange data file 
so it eventually turns sour. Replicating, 
archiving and backing up the data doesn’t 
stop the stink—it just stores it. You’ve 
got to... 

Fix the Problem 

You may have tried the free utilities to fix 
Exchange. While they help, they are too 
tedious, time consuming and lightweight to 
keep your Exchange baby healthy. You’ve 
tried the milk, now try some meat! 


Paul Ramos, Director IT 

Run, Don’t Crawl 

In addition to fixing the database, 

GOexchange removes sluggishness and 
improves performance by re-indexing and 
defragmenting the database to permanently 
remove white space and deleted items. The 
end result is increased performance and 
stability with a compact efficient database 
that’s 31 to 55% smaller! Combine this 
with archiving and the database is up to 91% 
smaller—making it much quicker to backup. 


Created By 



Solutions Inspiring Confidence 


“Life before GOexchange...was 
an absolute nightmare , late nights, 
long weekends and upset users. 99 

Marty Grogan, CTO 

Stop The Crying 


Pamper Yourself with GOexchange 

It’s time to try GOexchange, from Lucid8, 
the #1 best-selling automated disaster 
prevention and optimization software for 
Microsoft Exchange 5.5, 2000, 2003 and 
2007. As the mother of all Exchange tools, 
GOexchange helps prevent disasters, repair 
problems, improves performance, and 
saves you a lot of time. 

“Without routine maintenance , 
decreasing performance , 
increased warnings and 
errors accumulate and 
database fragmentation 
transpires, leading to 
Exchange disasters. 99 

Gartner 


“..our information stores were reduced 
by 45-50%." 

Dale Huitt, Systems Lead 

Automated Babysitter 

First, GOexchange is easy to setup and use. 
Twenty minutes—-that’s all it takes to get 
your server up and running. Just schedule it, 
and walk away! 

The software notifies the users, validates 
the database, runs the backup, conducts 
a comprehensive system analysis and 
diagnostics, logs the errors, and notifies you 
if it discovers a “stop” error—then it repairs 
and defragments the database, generates a 
thorough report and schedules the next event. 

You can do some of this work yourself, but 
why waste time doing repetitive maintenance, 
when GOexchange can do it for you—faster 
and more effectively than doing it by hand. 


Why not call now, or visit our resource 
site and leam how to reduce the risk, and 
avoid the pain. Protect your exchange data, 
maximize performance, and spend a weekend 
at home —instead of babysitting Exchange. 


Special Offej 

• Free Software for analysis of your 
Exchange server! 

• Free White Paper—“Basic Feeding 
of Your Exchange Server.” 

• Free Essential Guide to Exchange 
Preventative Maintenance 

Go to: www.Lucid8.com/GolTPro 
Call 425.456.8474 
E-mail: Sales@Lucid8.com 




Copyright © 2007 Lucid8. All rights reserved. Microsoft® Exchange Server is a registered trademark of Microsoft® Corporation. All other trademarks are the property of their respective owners. * Refers to Survey conducted by Lucid8. See press release for more details. 
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Uninterruptible 
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Smart-UPS SC Series 
Silver Winner 
Uninterruptible 
Power Supplies 
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Uninterruptible 
Power Supplies 
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16-Port IP KVM AP5405 
Bronze Winner 
Uninterruptible 
KVM over IP Switches 
Category 


® 


by Schneider Electric 


www.apc.com 










SmartShedding 
Technology 



Allows the master outlet to 
sense when your computer 
has either been turned off 



or has gone into sleep mode, 
so it can shut off power to 
peripherals plugged into the 
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controlled outlets-saving 



you power and money. 
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Uses up to 5x less power in normal operation than any other battery backup. 


Let's protect what's important 

What's in your computer? Photos, music, 
personal files, financial data, broadband 
access, videos, and more. Your computer 
has never been more important, and 
yet it has never been at higher risk 
for damaging power surges and other 
disturbances. 


So like most people, you need to protect 
your assets. But like most people, you'd 
also like to protect the environment. 

With our new energy conscious products, 
you can do both. Energy efficient by 
design, our new smart products protect 
the power going into your computer, 
at a cost that is quickly offset by big 
energy savings. How? Not only do the 
new Back-UPS ES® and SurgeArrest® 
use power very wisely, they also boast a 
master/controlled outlets feature, which 
automatically powers down idle devices 
to conserve energy. 


APC power protection products are available at: 

§8V COW? USS 

x J v that was easy.- 

Office depot 


"The pricetag on the new UPS is $99.99. 
While I'm not in the habit of endorsing 
products in this blog, if you're in the market 
fora workstation-class UPS, why not opt 
for the greener option?" 

- Heather Clancy, 
ZDNet.com 


In fact, while protecting your power 
supply, we're up to 5 times more energy 
efficient than any other solution. By 
saving you $40 a year in energy costs, 
our Back-UPS ES pays for itself in 2 
short years. The high frequency, low 
copper design has a smaller transformer 
and environmental footprint. Even the 
packaging has been carefully selected 
and manufactured to maximize use of 
recycled materials and minimize waste. 


In this world, every decision you make 
counts. So protect your power with a 
battery backup that works to protect 
the environment. It conserves power, it 
pays for itself, and it's backed by APC's 
20-plus years of legendary reliability. 

For more information on this _ 

or our other great products, 
or for information about 
environmentally responsible 
disposal of your old battery, 
visit www.apc.com 


Energy efficient solutions for 
every level of protection: 


Surge Protection 

Starting at^34 

Guaranteed protection 
from surges, spikes, 
and lightning. 

7 outlets, Phone/Fax/Modem 
Protection, Master/Controlled Outlets 



Battery Back-UPS 

Starting at $ 99 
Our most energy 
efficient backup for 
home computers. 

10 outlets, DSL and Coax 
protection, Master/Controlled 
Outlets, High Frequency Design, 
70 minutes of runtime 1 




Enter to Win a Back-UPS® ES 750G! (a $99.99 Value) 


APC can help with your other power protection needs. 
Visitapc.com to see our complete line of innovative products. 


Also, enter keycode to view other special offers and discounts. 

Visi t www.apc.com/promo Key Code d196w or Call 888.289.APCC x8007 or Fax 401.788.2797 


Legendary Reliability® 


© 2008 American Power Conversion Corporation. All trademarks are owned by Schneider Electric Industries S.A.S., APCC, or their affiliated companies, 
e-mail: esupport@apc.com • 132 Fairgrounds Road, West Kingston, Rl 02892 USA • 998-0967 Runtimes may vary depending on load. 

* Average savings are based on comparable competitive models, and are comprised of two energy saving features: an ultra efficient electrical design, and the master/controlled outlets feature. 



















Measure 


Analyze 


Monitor 


Easy to install 

More than 130 ready-to-use reports 


SILVER 
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Statistics 
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Watch your email system 
and generate reports 
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Supports all versions of Exchange 
Agentless, install on a workstation 
Priced per server 


Reports on all kind of traffic 

Mailbox and public folder content reports 

Information store size reports 


Download a fully functional evaluation version www.promodag.com 
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PROMODAG Reports for Exchange 
Silver Winner 
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Tools Category 
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SOLUTIONS FROM YOUR PEERS ■ 


ONLINE 

windowsitpro.com 


Be Part of a Windows IT Pro 
Cover Story 

The Reader to Reader (R2R) section is writ¬ 
ten for IT pros by IT pros. That's what makes 
it such a hit among Windows IT Pro readers 
and Web site visitors. To showcase the 
talent and creativity of these IT pros, we're 
planning to feature the most interesting 
R2R write-ups in a cover story. 

So, if you've come up with a creative 
shortcut, solved a plaguing problem, 
turned a tedious task into an effortless one, 
or come across information other IT pros 
should be aware of, let us know about it. 
You don't need to be a skilled writer. We 
have editors who will turn your write-up 
into polished prose. All you need to do is 
tell us in 1,000 words or less what prompt¬ 
ed you to come up with the shortcut, solu¬ 
tion, or streamlined task and how it works. 
If you're sharing information, let us know 
how you came across that information. You 
can send your R2R write-up (or write-ups if 
you'd like to send more than one) to r2r@ 
windowsitpro.com. _ 

We'll be sending all the R2R write-ups 
we receive in the next few months to our 
technical editors, who will decide whether 
to accept them for publication. A panel will 
then review all the accepted R2R submis¬ 
sions and select the most interesting write¬ 
ups for the cover story. The accepted R2R 
write-ups that aren't selected for the cover 
story will be printed in the R2R section in 
future Windows IT Pro issues. Whether an 
R2R write-up is part of the cover story or 
printed in the R2R section, the author will 
receive $100 when it's published. 

Send your R2R write-up to us today! 



According to Microsoft, every 10 PCs 
that switch from Windows XP to the 
more energy-efficient Windows Vista is 
the equivalent of taking an automobile 
off the road in terms of carbon dioxide 
emissions. 


■ Cover Story ■ Taskbar Buttons 

■ Socket Layer 


READER TO READER 


Use Netsh to Reset the Windows 
Socket Layer 

I recently encountered a serious problem in 
my Windows Vista 64-Bit Edition machine. 
Suddenly and for no apparent reason, I 
couldn't open any Web pages because 
Microsoft Internet Explorer (IE) repeatedly 
failed to connect to Web sites. (Although 
Vista x64 comes with both the 32-bit and 
64-bit versions of IE by default, Vista x64 
opens the 32-bit version because most of 
the plug-ins fail to run or even install in the 
64-bit version.) After some investigation, 

I discovered that some of my other 32-bit 
programs couldn't connect to the Internet 
or any network. Also, the 32-bit programs 
were crashing when I tried to close them. 
Curiously, the 64-bit programs didn't expe¬ 
rience these problems. I could open, close, 
and use them to connect to the Internet 
and networks. 

I knew that TCP/IP wasn't causing the 
problem because my machine could ping 
hosts and resolve DNS names.The event 
logs didn't contain any relevant entries, 
except for those noting that the 32-bit ap¬ 
plications crashed. 

I tried restoring the system and repair¬ 
ing the network connection, but the 
problem remained. Vista SP1 Release Candi¬ 
date 1 (RC1) had been made public the day 
before, so I gave it a try. Nothing changed. 

At this point, I seriously considered 
reinstalling Vista but instead decided to 
use the ISO Open Systems Interconnection 
(OSI) model to troubleshoot the problem 
and find a solution. (If you're unfamiliar 
with the OSI model or you need to refresh 
your memory, go to the Microsoft article 
"The OSI Model's Seven Layers Defined and 
Functions Explained"at support.microsoft 
.com/kb/103884.) 



Because every 32-bit application was 
experiencing problems, it wasn't applica¬ 
tion specific, so I eliminated the application 
layer. The problem didn't seem to have any 
relationship with conversion or encryp¬ 
tion, so I also 
eliminated the 
presentation 
layer. 

I then had 
to deal with 
the session 
layer. I opened 
a 32-bit Telnet 
client and 
tried to open a 

session with a server. The program failed to 
connect without even creating any network 
traffic. (No packets were being transmit¬ 
ted or received on the NIC's properties. I 
even used a sniffer to double-check this.) 

I wondered whether there was a way to 
repair just the session layer in Windows. 
After I rejected the idea of trying to find 
the relevant DLLs and replacing them with 
DLLs from the Vista DVD, I remembered an 
old tool that I hadn't tried: Netsh. 

While doing some Internet research on 
Netsh, I found the Microsoft article "How to 
determine and to recover from Winsock2 
corruption in Windows Server 2003, in 
Windows XP, and in Windows Vista" 
( support.microsoft.com/kb/811259) . This 
article presented a solution that made 
sense: Use Netsh to reset the Windows 
socket layer. 

Using Netsh for this purpose is easy. You 
just need to open a command prompt, start 
the Netsh program, then type winsockreset. 
Alternatively, you can abbreviate winsock to 
wins so that you're typing wins reset. You have 
to reboot for the changes to take effect. 


Share your Windows discoveries, comments, solutions to problems, and experiences with products 
and reach out to other Windows IT Pro readers (including Microsoft). Email your contributions to 
r2r@windowsitpro.com. Please include your phone number. We edit submissions for style, gram- 
mar, and length. If we print your submission, you'll get $100. Submissions and listings are available 
online at www.windowsitpro.com. Enter the InstantDoc ID in the InstantDoc ID text box. 
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Microsoft's 
Celine Allee 
Talks About 
Windows Client 
TechCenter 

In a recent candid 
conversation, Celine Allee 
spoke with Michele Crockett, 
publisher of Windows IT Pro 
Custom Media, about how 
the Springboard Series is 
evolving into the Windows 
Client TechCenter (www 
.microsoft.com/snrinaboard) , 

which provides resources, 
tools, monthly straight- 
talk articles, and upfront 
guidance based on early 
adopter and community 
feedback. You can view a 
video of the entire interview 
a t http://ittv.net. 


The Evolution of the 


Springboard to a new Web site 

Michele Crockett: Celine, let's talk about 
some of the goals that you've had and 
some of the significant changes with the 
Windows Client TechCenter Web site that 
you're rolling out. 

Celine Allee: Certainly! The first thing I'd 
like to underscore is that the Springboard 
Series online has been around since 
November of last year. And that has 
become the blueprint of the new Windows 
Client TechCenter. We now have a 
managed experience across an adoption 
lifecycle that IT pros can self-select from in 
order to get the right resources, at the right 
technical level, at the right time if they're 
looking to adopt new OS technologies 
such as Windows Vista. We also have 
a managed experience across XP. This 
is very much an OS-agnostic resource, 
which is focused on the key activities 
and tasks of IT pros, to get them the help 
that they need, when they need it, in a 
more straightforward, more manageable, 
discoverable manner. 

What's significant compared to the 
past is that typically we've had resources 
that have launched with the operating 
system—for example, single-image 
management, which came with Windows 
Vista. We've actually built tools: People 
are familiar with BDD, now known as 
Microsoft Deployment Toolkit. But the 
missing piece in this structured guidance 
has been to not just learn how to do 
and implement a simple or complex 
task, but also help you understand why 
you might want to get on board with 
newer technologies. So by being able to 
have a managed experience across the 
adoption lifecycle, you're able to not just 
understand how to do certain things, but 
also some of the rationale behind why you 
should even get on board. Then you can 
start to assess the road ahead, plan for 
adoption, understand the advantages that 
you can have along the way, learn tips and 
tricks from other people in the community 
who are going down similar paths. So 
you're able to better understand both the 


risk and the opportunity, and feel more 
confident moving forward. 

Michele: And how did you engage the 
community to find out what some of their 
main pain points were? 

Celine: My role in that, and my team's 
role, is to be a sounding board in the IT 
pro community. For example, we talk to 
the community and manage the Windows 
forums. You'll see us at events where we 
do Microsoft Learning programs. The 
Windows Client TechCenter is designed 
to address the key questions and issues 
that IT pros have as they move forward 
in their adoption path. Questions people 
have when they're just discovering their 
technology are very different than when 
they're in the pilot phase, or even the 
explore phase, of their adoption lifecycle, 
through to deployment and management. 
It's just a different set of issues and 
questions. So we try to acknowledge those 
upfront and be more proactive in the 
guidance that we offer. 

Our whole approach with the new 
Windows TechCenter and the Springboard 
Series, which exists in the TechCenter, is 
to make sure that what we provide fits into 
a real-world context, based on the key 
activities that IT pros may be doing, and 
the key pain points they're encountering 
in doing their day-to-day jobs. 

Michele: I noticed in the new TechCenter 
Web site that the resources for XP and 
Vista are rolled together in one place, 
whereas in the previous version those were 
separate resources. Can you talk about the 
background on that change, and what the 
influences were? 

Celine: When organizations are adopting 
a new OS, it's not like they're replacing 
one OS for another very quickly. The 
migration happens over a long time. So 
it didn't make sense for us to have two 
distinct tech centers. We also believe in 
more of the managed experience that we 
want to create. We want to make sure it's 
very easy for users as they're migrating to 
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a more modern OS environment such as 
Windows Vista, with other components, 
like Microsoft Desktop Optimization Pack, 
to get the resources that they need. And we 
want to make sure that we're able to guide 
IT pros based on where they're at, from an 
infrastructure maturity perspective. So the 
philosophy around one Windows Client 
TechCenter is that this is the one-stop 
shop, the one engagement platform to 
get all that guidance and advice. And that 
feedback, that guidance, is not coming 
only from Microsoft; it is coming from the 
community, too. 

A One-Stop Resource 

Michele: Let's talk about the structure of 
the Windows Client TechCenter and some 
of the functionality. Can you give us a few 
high points about how the information is 
organized for IT pros? 

Celine: Certainly. First of all, to get to the 
new TechCenter, go to www.microsoft. 
com/springboard. Once you get there, 
you'll see that we have this notion of an 
adoption lifecycle. Literally, what you 
want to do is self-select where you feel 
you are in the adoption lifecycle. These 
resources are actually part of what we're 
calling the Springboard Series. So anything 
that's part of the Springboard Series is 
literally vetted to make sure that it really 
is at the right level, and it's at the right 
relevance, dependent on the particular 
adoption pillar you select. And you'll see 
that information is organized even from 
an overview perspective or an advance 
perspective. We're trying to make sure that 
we can shortcut your adoption path, your 
experience; so that's really important. 

You'll also see that there are new 
community components. There are blogs 
from various SMEs, the Windows Vista 
Team blog, Mark Russinovich. Access 
to the forums is far more prominently 
indicated, so that you can get and give 


advice from IT professionals who are your 
peers. 

One of the neat things that we've added 
is more assistance with troubleshooting 
and support resources. For example, 
knowledge-based articles—how do you 
search that database a lot more easily? 

And that was in direct reaction to people 
saying that they wanted to have a better 
experience in finding some of these really 
critical articles that exist today. In many 
respects it wasn't that we don't have a lot 
of the resources and information; it's just 
been a bit hard to find. 

As you continue to explore the 
TechCenter site you'll notice that we have 
task areas that are literally deep-dive zones 
where you can get more troubleshooting 
information. For example, one of the 
most interesting, widely debated areas is 
Application Compatibility, especially if 
you look at Windows Vista adoption. In 
that zone we have information organized 
around the top resources. We definitely 
have this view of whatever role you have, 
here are the critical resources that you want 
to look at first. So if you're a project man¬ 
ager, or a tester, for example, you get the 
resources that you might require in order to 
help you solve some of the issues you're en¬ 
countering with application compatibility. 

The TechCenter site also provides a 
database that drives in a live feed of the 
latest and greatest applications that have 
been tested for working with Windows 
Vista, either certified as part of our local 
program, or as reported by the ISVs 
themselves as being ready for Vista. This 
is the type of information that, as an IT 
pro, can be leveraged and utilized as 
you're looking at a Vista migration. These 
particular zones are interesting because 
they underscore some of the areas where 
we've been asked for deep-dive guidance. 
And equally, if you look at Hardware 
Compatibility and Performance, you'll see 
a similar experience. 


Make it Your Own 

Michele: And as time goes on, I assume you 
can collect metrics from the site to find out 
which areas of the site people have great 
interest in—you know, which resources are 
getting hit the most? 

Celine: Absolutely! This is built and created 
by the community, for the community. The 
whole approach is what we're doing with 
the Springboard Series. And having that 
be the blueprint of the experience on the 
Windows Client TechCenter is literally to 
make sure that we have a greater level of 
empathy, that we're actually being more 
thoughtful about how we present things, 
based on what people are trying to achieve. 
We know people don't have all the time in 
the day to find answers to their questions. 
And the worst thing, too, is searching for 
something and your challenges, your 
issues are not acknowledged. So we're 
trying to get better at that and this is a step 
in that direction. We know that there's 
clearly more work to be done, but we're 
hoping that through this experience and 
through additional feedback from the 
community that this really does become a 
real rich, one-stop resource. 

Michele: I'm looking forward to the next 
evolution of the site. What are some of 
the things that you foresee being able 
to implement as time goes on that will 
enhance the experience more? 

Celine: Our goal is to make sure that we 
respect people's time, that information 
becomes far more consumable. This is just 
a start of things. I want folks to get behind 
this. This is your resource. We're hoping 
that this is going to become very rich, it's 
going to become very engaging, and it's 
designed for everyone reading this. So the 
more you make this your own, the more 
you tell us what you want to see, the more 
it will be your own. 
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■ READER TO READER 


I like Netsh and have used it many times 
throughout the years. However, I didn't 
realize you can use it to repair the Windows 
socket layer because I never faced that prob¬ 
lem before. Now I have one more reason to 
like Netsh: It fixed the problem and saved me 
from the always painful reinstallation. 

—Apostolos Fotakelis, systems administrator, NATO, 
and freelance IT consultant 
InstantDoc I D 99370 

Customize the Size of 
Taskbar-Button Groups 

If you often have multiple instances of 
applications (e.g., several Microsoft Word 
documents, several Microsoft Excel spread¬ 
sheets) open on your 
desktop, one of the 
handiest Win- 
^ dows features 
is taskbar-but¬ 
ton grouping, 
which was 
introduced in 
Windows XP. 

As you prob¬ 
ably know, for 
each instance of an application, Windows 
places a button in the taskbar. The taskbar 
can get crowded if you have a lot of but¬ 
tons. Instead of having virtually unreadable 
taskbar buttons in multiple rows at the bot¬ 
tom of the screen, you can group taskbar 
buttons. 

You can control whether taskbar buttons 
are grouped by right-clicking the Start but¬ 
ton, choosing Properties from the context 
menu, and selecting theTaskbar tab. As 
Figure 1 shows, you select the Group similar 
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taskbar buttons check box to group buttons 
or clear the check box to ungroup them. 

When the check box is selected (which 
is the default), taskbar buttons from the 
same application are grouped, but you 
have no control over when grouping starts 
or ends. This behavior is disconcerting 
because as you open and close instances of 
applications, buttons spontaneously group 
and ungroup, causing the buttons to shift 
around. What's worse is that when buttons 
are ungrouped, 


(Excel in this example) will group first. 

When you setTaskbarGroupSize's value 
to 1, Windows will group the buttons for 
the application with the most windows 
open first. When you set the value to any 
other number, Windows will automatically 
group the buttons for any application that 
has at least that many windows open. So, 
by setting theTaskbarGroupSize value to 
2, you can force buttons to always group, 
which is the behavior I prefer. 


Listing TTaskbarGroupSize.vbs 



Figure 1: Grouping similar taskbar buttons in Vista 


you can't use the 
Close Group op¬ 
tion. 

Although 
you can use the 
Tweaklll tool to 
tweak grouping 
behavior, this tool 
isn't available for 
Windows Vista. 

(Tweaklll is part 
of the Microsoft 
PowerToys for 
Windows XP.) 

Tweaklll's cous¬ 
in—Tweakomatic—will run on the 32-bit 
edition but not the 64-bit edition of Vista. 

So, if you have the 64-bit edition of Vista 
or you just want to tweak grouping behavior 
on your own, you can do so by creating a reg¬ 
istry entry named TaskbarGroupSize under 
the HKEY_CURRENT_USER\Software\ 
Microsoft\Windows\CurrentVersion\ 
ExplorerXAdvanced key.The TaskbarGroup¬ 
Size entry has an effect only when the 
Group similar taskbar buttons feature is 
enabled. 

When you setTaskbar¬ 
GroupSize's DWORD value 
to 0, Windows will group the 
buttons by age, which is the 
default grouping behavior. For 
example, suppose you launch 
Word, Excel, then Notepad, 
after which you open many 
files in each application. When 
the taskbar gets too crowded, 
Windows will group the but¬ 
tons for the Word files first 
because Word was launched 
first, provided that it isn’t a 
Word file that’s prompting the 
grouping. If that’s the case, the 
second application launched 


Dim WshShell 

Set WshShell = CreateObject(“WScript.Shell”) 

Dim path 

path = "HKCU\Software\Microsoft\Windows\CurrentVersion\" _ 

& "Explorer\Advanced\TaskbarGroupSize" 

Dim value 

If WScript.Arguments.UnNamed.Count = 0 Then 
On Error Resume Next 
value = WshShell.RegRead(path) 

On Error Resume Next 
If VarType(value) = 0 Then 

' The taskbar grouping size hasn’t been set. 

WScript.Echo "TaskbarGroupSize = undefined" 

Else 

WScript.Echo "TaskbarGroupSize =", value 
End If 
Else 

WshShell.RegWrite path, WScript.Arguments.UnNamed(0), _ 

"REG_DW0RD" 

End If 


To make the registry tweak, I wrote 
short script named TaskbarGroupSize.vbs, 
which Listing 1 shows. You can download 
this script by going to www.windowsitpro 
.com, entering 99367 in the InstantDoc ID 
box, clicking Go, then clicking the Down¬ 
load the Code Here button. 

When you run the script by simply 
double-clicking it, it returns the current 
value for TaskbarGroupSize. If that entry 
hasn't been created, it returns the value 
undefined, as Figure 2 shows. When you 
launch the script from the command line 
and provide a numeric argument, it sets 
TaskbarGroupSize to that value for you. ^ 
—Alex K. Angelopoulos, senior network engineer 
InstantDoc ID 99367 


Windows Script Host 




TaskbarGroupSize = undefined 


OK 


Figure 2: Sample results from running 
TaskbarGroupSize.vbs without any arguments 
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ANSWERS TO YOUR QUESTIONS ■ 



■ Active Directory 

■ Authentication 


■ Troubleshooting 


Q: How can I check Active 
Directory (AD) database 
integrity? 

A! You can use Ntdsutil to check the 
AD database. You must have booted 
into Directory Services Restore Mode. 
(At boot time, press F8 and select 
Directory Services Restore Mode.) Start 
Ntdsutil. With Windows Server 2008 
and later, you must first select an ac¬ 
tive instance via the Activate Instance 
NTDS option, which loads the directory 
service; although, if others were pres¬ 
ent, they could be activated instead. 
Access the File Maintenance section 
via the Files command, and run the 
Integrity check. You can also perform 
a Semantic check via the Semantic 
Database Analysis module. 

—John Savill 

InstantDoc I D 99407 

Q: Where are SPNs stored in 
Active Directory (AD)? 

A: Each object has a servicePrincipal- 
Name attribute, which is a multivalue 
attribute in which all SPNs are stored. 
You can use ADSI Edit to view the 
attribute. If the SPN is for a machine's 
Local System account, the SPN would 
be stored in the servicePrincipalName 
attribute of the Computers account in 
AD. You shouldn't write to this value 
directly. It should be updated only via 
the DsWriteAccountSpn call (but you 
can update it directly by using tools 
such as ADSI Edit). 

When a client requests a connec¬ 
tion to a service, the Key Distribution 
Center (KDC) searches the forest for a 
user or computer account for which 
the SPN is registered. If the KDC finds 
registration in more than one account, 
the request for authentication fails, 
indicating a rogue service registration. 

—John Savill 

InstantDoc ID 99408 


ASK THE EXPERTS 



Q: How can I find a user's last 
logon time in a Windows domain? 
Where is a user's last logon time 
stored in Active Directory (AD)? 

A: AD stores a user's last logon time in 
the Last-Logon AD user object attribute. 
As with the logging of account logon 
events, the last logon time is updated 
only in the AD instance of the domain 
controller (DC) that actually authenti¬ 
cated the user, meaning you must query 
all the DCs in the domain in which the 
user's account is defined to find his last 
logon time. 

Microsoft included a new AD user 
object attribute called Last-Logon- 
TimeStamp in Windows Server 2003. 

The Last-Logon-TimeStamp attribute 
stores the approximate value of the 
last logon time of a user. The value is 
approximate because AD replicates the 
Last-Logon-TimeStamp attribute only 
once every 14 days to avoid replication 
overhead. Although the Last-Logon- 
TimeStamp doesn't resolve the problem 
that you must query all DCs in the user's 
domain if you want to know the exact 
last logon time, it does give administra¬ 
tors a way to discover inactive or stale 
accounts. The Last-Logon-TimeStamp 
attribute is activated only when the 
domain is switched to the Windows 


2003 domain functional level. For more 
information about Last-Logon-TimeStamp 
and to download sample scripts to query 
the value of the Last-Logon-TimeStamp 
attribute of a given user, go to www 
.microsoft.com/technet/scriptcenter/ 
topics/win2003/lastlogon.mspx. 

You can also view the value of Last- 
Logon-TimeStamp for a given user from 
the Microsoft Management Console 
(MMC) Active Directory Users and Com¬ 
puters snap-in if you install a special DLL 
called acctinfo.dll. This DLL is included in 
the Account Lockout and Management 
Tools, which can be downloaded from 
www.microsoft.com/downloads/details 
.aspx?FamilylD=7AF2E69C-91 F3-4E63- 
8629-B999ADDE0B9E&displaylang=en. 
Acctinfo.dll adds the Additional Account 
Info tab to an AD user account's proper¬ 
ties, as shown in Figure 1. The Additional 
Account Info tab contains different types 
of account logon and logoff information, 
including the value of the Last-Logon- 

TimeStamp attribute. ^ 

—Jan De Clercq 

InstantDoc 99409 



Figure 1: The Additional Account Info tab 
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Server Virtualization 
Management Solutions 

vRanger Pro™ 

The industry leading backup and recovery solution for VMware® 

Infrastructure, vRanger Pro provides VSS consistent full or 
differential image-level backups and full image or file-level 
restores. vRanger also provides P2V disaster recovery, works 
seamlessly with VCB and integrates with VirtualCenter and most 
third-party backup applications. 



vReplicator™ 

vReplicator leverages virtualization to offer companies a software- 
based approach to replication, enabling full, differential or 
incremental backups of virtual machines to dissimilar hardware, 
thereby reducing the cost of the overall solution while enabling 
more productive use of existing system resources. vReplicator 
can also support replication of VMs to multiple destinations. 



vConverter™ 

vConverter is an enterprise-class conversion solution that 
significantly reduces the time and effort spent converting 
servers to the VMware®, Microsoft®, XenServer® or Virtual Iron® 
platforms. vConverter is the fastest, most reliable and easiest 
to use solution for P2V and V2V conversion on the market today. 



vCharter Pro™ 

vCharter Pro is the only comprehensive, enterprise-ready 
monitoring solution for VMware Infrastructure, that provides 
a single “pane-of- glass” view that consolidates metrics from 
the layers encompassing VirtualCenter to help administrators 
identify performance issues and quickly obtain solutions to 
prevent unplanned downtime, as well as, optimize performance 
of the virtual infrastructure. 




YOUR TICKET TO 
THE EXPERTS 


Vizioncore presents an extensive offering of 
webinars on various topics to help users of 
all levels of expertise get the knowledge 
they need from industry professionals that 
can put all of your questions to rest. 

The following are a selection of upcoming 
webinars from our August 2008 schedule: 

Next Steps: Now that You’re Virtualizing 

Tues., Aug. 5, 2008, at 3:00 p.m. CDT 

vRanger Pro/vReplicator Overview 

Thurs., Aug. 7, 2008, at 10:00 a.m. CDT 

Virtualization 101 

Tues., Aug. 12, 2008, at 9:00 a.m. CDT 

The Benefits of ‘Green IT’ & Virtualization 

Tues., Aug. 26, 2008, at 3:00 p.m. CDT 

Top 10 Tips for Successful Conversions 

Thurs., Aug. 28, 2008, at 10:00 a.m. CDT 

To register for one of these webinars, 
or for a full list of webinars offered, visit 

www.vizioncore.com/webinar 


www.vizioncore.com 

































WindowsITPro 

EDITORS' 

Products to help 
get the most 
out ofyour 
Windows IT 
infrastructure 

by the 
Windows IT Pro 
Editors 





The Windows IT Pro Editors' Best awards recognize prod¬ 
ucts and services that our editors and contributors have 
selected as standing out from the rest in more than a dozen 
categories. Our judging team narrowed the list down to dozens 
of finalists, then winnowed that list even further. After some 
heated discussions and testy email exchanges, we arrived at 
those you see here: the Windows IT Pro Editors' Best awards 
winners. All these products can help you do your job faster, 
more efficiently, or more economically. 

IT pros will undoubtedly debate some of our picks more 
than others. Is the Apple iPhone worthy of a Special Achievement 
award? Talk to a host of mobile phone executives as we did, and you'll see 
why it is—nearly all of them mentioned the iPhone when discussing where 
smartphones in the enterprise are headed. And what about Google Docs, winner 
of our Breakthrough Product award? Although most enterprises might not be using 
hosted applications now, they soon will be: Microsoft is following Google's lead in a push 
to offer more online services through its Software + Services (S+S) strategy. 

Speaking of Microsoft, Windows IT Pro Editorial and Strategy Director Karen Forster 
devotes her IT Pro Perspective column (page 7) to a discussion of the best Microsoft products 
she's seen and hands out awards for three worthy offerings from Redmond. 

The following pages contain what we think are the best products on the market, but we 
also know that you —Windows IT Pro's readers—have your own opinions about which prod¬ 
ucts are worthy of recognition and which deserve a quick delete or spirited heave through 
a nearby office window. We've created an Editors' Best awards category in the Windows IT 
Pro online forums (www.windowsitpro.com) , and we invite you to log on and share your 
opinions of the good, the bad, and the spectacularly ugly products you've had the privilege 
(or misfortune) to buy and use. If you think that our choices are misguided, feel free to log 
on and give us a piece of your mind! 
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Q EDITORS’BEST 


Product of the Year 

VMware ESX Server 3.5 
VMware 

www. vm wa re.co m 


T he Windows IT Pro editorial 
team looks at dozens if not 
hundreds of products every year, 
and picking one winner out of all 
those in a particular category is 
always a challenge. That predica¬ 
ment is further amplified when we consider 
a product for our most prestigious Product 
of the Year award. VMware ESX Server 
3.5—a subset of the VMware Infrastructure 3 
bundle—made our decision easy this year. 

Virtualization has shaken the IT industry 
to its roots over the past few years, and no 
product influenced that sea change more 
than the ESX Server family. In an interview 
with Windows IT Pro, VMware President 
and CEO Diane Greene mentioned how 
virtualization is generating tangible, signifi¬ 
cant cost and energy savings for IT admin¬ 
istrators. “We estimate that there have been 
at least six million workloads virtualized 
since 1998," says Greene. “If we figure 7,000 
kilowatt hours for every physical server that 
is virtualized per year, that goes to 39 billion 
kilowatt hours. [That translates] into about 
$4.4 billion saved, which represents enough 
energy to power Denmark for a year." 

In addition to the energy and cost savings 
that ESX Server 3.5 has generated, it has also 
helped radically redefine how IT pros manage 
their infrastructures. Michael Cisek, the direc¬ 
tor of emerging infrastructure and operations 




VMware President and CEO Diane Greene (above and below) 


support for PITT OHIO EXPRESS, has relied 
on ESX Server 3.5 (and the VMware Infra¬ 
structure 3 bundle) to radically revamp his 
IT infrastructure. “We've been able to reduce 
our server pool using server consolidation, 
often at a fifteen-to-one consolidation ratio. 
Our server deployment time went from days 
or weeks to minutes and hours, thus reducing 


the overall development cycle ofnewproducts 
and application," says Cisek. “We've also expe¬ 
rienced zero-cost hardware replacements [by 
using virtual machines]; when equipment 
begins to fail, we perform physical-to-virtual- 
server conversions... We're also in the process 
of converting to a virtual QA infrastructure. 
Our goal is to have one-to-one representation 
of all mission-critical applications for QA and 
testing. Finally, our developers used to main¬ 
tain multiple physical workstations: one for 
production, one for development, and one for 
QA. We've been able to consolidate all three of 
those functions onto one physical PC by using 
VMware Workstation." 

The impending arrival ofWindows Server 
2008 with Hyper-V will mean more compe¬ 
tition for VMware in this rapidly growing 
market segment. If VMware can revolution¬ 
ize the IT industry in an unopposed mar¬ 
ket, what can it do when motivated by an 
aggressive competitor? It's shaping up to be 
an exciting battle, one that every IT admin¬ 
istrator (and penny-pinching CFO) will be 
watching with interest. 

—JeffJames 
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Change the insides, not the outsides. 

There's a whole new way to VoIP. And you don't need a 
whole new infrastructure to get it. That's because now it isn't 
about ripping and replacing. It isn't even about hardware. It's 
about software. Keep your hardware—your PBX, gateways, 
even your phones. Move to VoIP with software. Software that 


integrates with Active Directoryf Microsoft®Office, Microsoft 
Exchange Server, and your PBX. Maximize your current PBX 
investment and make it part of your new software-based 
VoIP solution from Microsoft. It's really big change, without 
changing it all. Learn more |# A ifi a a 
at microsoft.com/voip ^If Oil M|f£ H 


Your potential. Our passion! 

Microsoft 
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Breakthrough Product 

Google Docs 
Google 

docs.qooqle.com 


F° 

r a 


"or the past decade or so, 
Microsoft Office has domi- 
raMlfl nated the office productivity 
Idilmffri su he market. Love it or hate it, 

I »j Ml Office is a staple of the modern 
workplace. Competitors such as 
IBM's Lotus products and Corel's WordPer¬ 
fect have either been left by the wayside or 
absorbed into other companies. 

However, thanks to increasing band¬ 
width and network performance, online 
alternatives to Office have been gaining trac¬ 
tion, and chief among those is Google Docs, 
a collection of business applications hosted 
by Google. While we should be under no 
illusions about Google Docs replacing Office 
as the dominant office productivity software 
suite, the success of Google Docs shows that 
there is strong interest in easy-to-use produc¬ 
tivity software that can be quickly accessed 
online. 

"Microsoft's move to Windows Live 
and its new Software + Services strategy 
are certainly spurred by Google's recent 
moves," says Michael Otey, technical direc¬ 
tor of Windows IT Pro. "Google's Web-based 
[office productivity] suite is available in the 
form of a free standard edition as well as 
a full-featured premier edition for $50 per 
user per year." 

Microsoft has responded by developing 
Microsoft Office Live Workspace (currently 
in beta), an application that makes it easy 
for Office users to share documents online. 
The S+S initiative takes this product a step 
further into the cloud, while early previews 
of the Live Mesh computing concept reveal 
that Microsoft is spending a lot of time 
thinking about how the Internet will impact 
the company's core business. 

As it stands, Google Docs is an excel¬ 
lent, low-cost alternative for consumers 
and small businesses that might not need 
(or can't afford) a full Office suite. Perhaps 
more important, Google Docs has forced 
the industry to look at hosted productivity 
solutions in a new light, blazing a trail that 
even Microsoft has to follow. 

—JeffJames 
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Special Achievement 

iPhone 

Apple 

www.apple.com 

A pple's iPhone has attracted 
millions of loyal customers— 
the intense consumer demand 
and marketing frenzy preceding 
the iPhone launch even led some 
pundits to dub the device the 
"Jesus phone." Now, with success in the con¬ 
sumer market well documented, Apple is 
making a concerted effort to get the iPhone 
into the hands of more enterprises. 

For the iPhone 2.0 firmware update, 
Apple has licensed Microsoft's ActiveSync 
protocol, a technology that will let IT depart¬ 
ments integrate iPhones with Microsoft 
Office Outlook email, contacts, address lists, 
and calendars; erase data on lost devices; 
manage passwords; and configure VPN 
settings on iPhones used in the enterprise. 
The firmware update will also support Cisco 
IPsec VPN and the Wi-Fi Protected Access 2 
and 802. lx wireless protocols. 

"Apple is indeed trying hard to attract 
enterprise users—thus their licensing of 
Exchange ActiveSync," says Paul Robichaux, 
senior contributing editor to Windows IT 
Pro. "[Apple] may not steal many seats 
from organizations that have already bought 
BlackBerry Enterprise Server software, but I 
guarantee they'll pickup lots of RIM's clients 
in small and mid-market organizations." 

Robichaux believes that those gains will 
also make inroads into enterprise territory 



currently held by Microsoft's Windows Mobile 
platform. "Apple is aiming for the low-hanging 
enterprise fruit, while Microsoft has a much 
more comprehensive strategy. For example, 
now that Microsoft's shipping System Center 
Mobile Device Manager, they have a very 
strong solution for device management and 
security. The iPhone, by comparison, doesn't 
have all of Mobile Device Manager's features, 
but it implements the basics that enterprise 
and mid-market customers want: Exchange 
support, over-the-air sync, and remote wipe." 

Although it's too early to tell how success¬ 
ful the iPhone will be in the enterprise mar¬ 
ket, there's little doubt that Apple has made all 
the other players in the industry take notice. 
"Apple's doing what they have repeatedly 
done in the last seven years or so: introduce 
a product that forces the entrenched market 
leaders in that segment to hustle like mad to 
catch up to both perception and reality," says 
Robichaux. "The iPhone has generated buzz 
around smart mobile devices in a way that 
nothing else has been able to." 

—JeffJames 
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Hardware Winners 

Gold: Barracuda Spam Firewall 
Barracuda Networks 
www.barracudanetworks.com 

Why it won: Spam management is a frus¬ 
trating, time-consuming process. The Bar¬ 
racuda Spam Firewall's appliance-based 
approach takes the sting out of the task. 

S pam continues to be a problem 
for everyone who uses email. 
What many users probably don't 
understand is the Herculean 
effort that most administrators 
put forth to combat the problem. 
Boasting ease of use and affordability, the 
Barracuda Spam Firewall—an integrated 
hardware/software solution for protecting 
email servers from spam, viruses, and spy- 
ware—is gaining remarkable traction. 

With its hourly spam- and virus-defi¬ 
nition updates, the Barracuda Spam Fire¬ 
wall requires very little maintenance and 
administrative overhead. Compatible with 
all email servers, the appliance can fit into 
nearly any corporate or small-business envi¬ 
ronment. And unlike software solutions, 
it reduces the load on the email server by 
offloading spam and virus filtering. The 
product also includes essential outbound 
filtering techniques. 

To get a feel for the product in the real 
world, I spoke with Kirk Whitham, a systems 
administrator at North American Direc¬ 
tory Services. "I was a little apprehensive 
about using a hardware solution for email 
management, but the Barracuda has sur¬ 
prised me. Installation was simple, and the 
software tools are easy to understand. It's 
much smarter about spam filtering than any 
software-only solution we've tried." 

Windows IT Pro contributing editor 
Eric Rux agrees that the appliance does a 
great job of filtering out spam and virus- 
infested email. "But what really sets it apart 
are its great features and outstanding sup¬ 
port," Rux said. "I value its hourly and daily 


statistics graphs and its appliance-health 
information—such as system load, CPU 
temperature, and mail/log storage—and 
I love the clustering option, which lets 
multiple Barracuda Spam Firewalls share 
configuration information. But my favorite 
feature is remote troubleshooting, which 
gives you online access to Barracuda sup¬ 
port technicians." 

—Jason Bovberg 

Silver: Steelhead 
Riverbed Technology 
www.riverbed.com 

Why it won: Riverbed's Steelhead ap¬ 
pliances offer a scalable approach to 
application acceleration across your WAN. 
Our readers have sung the praises of the 
Steelhead appliances, reporting incredible 
compression and bandwidth savings after 
installing them. 

Bronze: HP ProLiant DL585 
HP 

www.hp.com 

Why it won: If you're looking for a rack¬ 
mounted enterprise-class server, you can't 
go wrong with the HP ProLiant DL585. 

The system's four-way dual-core Opteron 
configuration provides amazing perfor¬ 
mance, and HP's Insight Manager and iLO 
enable effective remote management for 
enterprise deployments. 


Interoperability 

Winners 

Gold: Centrify DirectControl 
Centrify 

www.centrify.com 

Why it won: Centrify DirectControl easily 
and seamlessly integrates Linux, UNIX, 
and Mac OSs with Active Directory and 
provides robust UNIX and Linux personal¬ 
ity management and strong migration 
management. 




EDITORS’BEST © 

A s open-source and Macin¬ 
tosh OSs become increas¬ 
ingly enterprise-friendly and 
widely used, IT administrators 
will face growing interoperability 
concerns. Centralized account 
administration solutions can help you man¬ 
age mixed environments by enabling single 
sign-on and controlling authentication, 
access, and security policies for Windows, 
Linux, UNIX, and Mac OSs. 

Centrify DirectControl centralizes man¬ 
agement of disparate systems in Active 
Directory (AD), providing a single point 
of control over security and configuration 
policies. With DirectControl, non-Microsoft 
systems can join an AD domain so that you 
can manage them by using Group Policy 
and the other controls you use to manage 
your Windows systems. DirectControl lets 
you organize systems into logical groupings 
that have a unique set of security policies, a 
unique set of users and administrators, and 
separate access rights. You can even specify 
what action DirectControl should take in the 
event of a conflict (e.g., between GUIDs). 

In "Cross-Platform Identify Management 
Solutions for Single Sign-On" (September 
2007, InstantDoc I D 96592) , a comparison of 
DirectControl and two other products, Dar¬ 
ren Ehmke and Eric Rux wrote "DirectCon¬ 
trol is by far the most complex when it comes 
to setting up and using UNIX personality 
management, but it's also the most robust. 
You can't go wrong if you choose Centrify." 

—Todd Erickson 



Silver: Splunk 
Splunk 

www.splunk.com 

Why it won: Splunk lets IT pros index and 
search all sorts of enterprise data, such 
as alerts, logs, and config files. If you're 
drowning in data, Splunk can help you 
find what you need, when you need it. 

Bronze: Likewise Open Spring'08 
Likewise Software 
www.likewisesoftware.com 

Why it won: If you have a heteregenous 
shop and need to incorporate Linux, UNIX, 
or Macintosh systems into AD, Likewise 
Open Spring '08 has you covered. It offers 
a single, unified username and password 
solution for all those environments. 
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Messaging Winners 

Gold: PostPath Server 
PostPath 

www.postpath.com 

Why it won: PostPath Server is a drop-in, 
compatible alternative to Microsoft Ex¬ 
change Server that saves money on licens¬ 
ing, hardware, and management tools. 

T here are many reasons you 
might want to consider an 
alternative to Exchange Server 
for your messaging environment, 
particularly if your organization 
is looking to upgrade or expand. 
The new architecture and management 
structure of Microsoft Exchange Server 
2007 have caused many admins to wonder 
whether upgrading is worth the hassle. 
Linux-based PostPath Server is a viable 
alternative; in fact, it's the only email and 
collaboration server that's natively com¬ 
patible with Microsoft products and exist¬ 
ing Exchange organizations—no add-ons 
or plug-ins required. 

According to Duncan Greatwood, CEO 
of PostPath, "We've broken this compat¬ 
ibility lock so that we really are in a posi¬ 
tion to give customers a choice." Outlook, 
BlackBerry Enterprise Server, and other 
Exchange servers all interact with PostPath 
as if it were an Exchange server. PostPath 
uses a standards-based Linux file system for 
data storage, enabling lower storage costs 
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and backup and restore without the need 
for specialized tools. 

Clyde Williams, infrastructure systems 
manager for Southeast Alabama Medical 
Center, cited both lower cost and ease of 
implementation as reasons for switching 
his organization to PostPath Server. "For 
an Outlook user, they don't know the dif¬ 
ference," Williams said. New users and 
mailboxes are created through AD, and you 
can use Exchange systems management 
tools to manage PostPath Server. "From 
my experience so far, it just plain works," 
Williams said. 

—Brian Winstead 

Silver: 3CX Phone System for Windows 
3CX 

www.3cx.com 

Why it won: The 3CX Phone System for 
Windows is a software VoIP system that 
runs on Windows. It replaces the tradi¬ 
tional hardware PBX and is much less 
expensive. 

Bronze: Unify Enterprise Edition 
Ensim 

www.ensim.com 

Why it won: Ensim's Unify Enterprise Edi¬ 
tion automates provisioning and change 
requests as part of a comprehensive sys¬ 
tems management solution. It's a market 
leader in managing all the elements of 
a unified communications environment. 


Recent upgrades solidify this position 
by enhancing features such as security, 
mobility, and management of Exchange 
deployments. 


Mobile and Wireless 
Winners 

Gold: Zenprise 3.3 for BlackBerry 
Zenprise 

www.zenprise.com 

Why it won: Zenprise for BlackBerry is the 
best overall management solution for an 
area that's often an IT administrative black 
hole. 



E veryone seems to be using 
PDAs these days—especially 
in the IT field, where employees 
often must be accessible 24 x 7. 
IT administrators are burdened 
with the task of managing all 
these devices, which can sometimes be 
more of a headache than not having 
PDAs at all. Research in Motion's (RIM's) 
BlackBerry has become one of the most 
popular PDAs and a standard addition to 
employees' literal toolbelts. Zenprise 3.3 
for BlackBerry provides an easy interface 
for managing your mobile infrastructure 
and eliminates many of the compliance 
and security problems that are inherent 
in widespread PDA use. 
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Windows IT Pro Senior Editor Jason 
Bovberg notes that "the complex inter¬ 
actions between users, the BlackBerry 
Enterprise Server, Exchange Server, AD, 
networks, and other systems can result 
in downtime with serious ramifications 
on user productivity and IT stress levels" 
Zenprise for BlackBerry solves problems 
related to BlackBerry Enterprise Server 


"The tools in the 
Engineer's Toolset 
give you exactly 
what you need, 
exactly when you 
need it." 


(BES) database connectivity, BES Admin 
permissions, Exchange infrastructure 
problems that affect BES, Messaging API 
connectivity problems between BES and 
Exchange, Server Routing Protocol connec¬ 
tivity, calendar and email synchronization, 
attachment server failures, and enterprise 
device activation. 

As Jayaram Bhat, Zenprise's CEO, 
observes, "No single IT administrator can 
monitor every potential issue that can 
affect a BlackBerry enterprise deployment. 
Zenprise gives enterprise customers at all IT 
staff levels, from the Help desk to the mobile 
administrator, the ability to proactively iden¬ 
tify and resolve user issues." 

—Lavon Peters 


Silver: REDFLY Mobile Companion 
Celio Technology 
www.celiocorp.com 

Why it won: The cost-effective REDFLY 
Mobile Companion lets mobile IT pros use 
smartphones as their primary computing 
devices while on the go, saving both time 
and money in a market where both are 
tight. 

Bronze: Amazon Kindle 
Amazon.com 
www.a m azo n .co m 


Why it won: Amazon Kindle, a completely 
wireless portable reading device, lets users 
download books, blogs, magazines, and 
newspapers. IT pros can keep up on tech¬ 
nology from anywhere in the world. 


Networking Winners 

Gold: Engineer's Toolset 

SolarWinds 

www.solarwinds.com 

Why it won: The tools in the Engineer's 
Toolset cover a broad spectrum of func¬ 
tionality but give you exactly what you 
need, exactly when you need it. There's 
something in the kit for everyone, and it's 
priced attractively. 

I f you're like most IT pros, you're 
constantly on the prowl for 
those perfect little utilities that 
can dramatically improve certain 
aspects of your network-main¬ 
tenance duties. You've probably 
assembled your own toolkit full of these per¬ 
fect tools. Maybe you even have a portable 
USB drive full of them and carry the device 
from site to site. But what if you don't have 
time to scour the Web for tools or organize 
the ones you've found for easy use? 

SolarWinds' Engineer's Toolset is a col¬ 
lection of 49 network-engineering utilities 
that let you quickly address virtually every 
network-engineering challenge you can 
think of, from configuration management, 
network discovery and mapping, and fault 
management to bandwidth and network 
performance monitoring. Version 9.0 of the 
Engineer's Toolset introduces the first true 
real-time NetFlow analysis tool, letting you 
rapidly troubleshoot network traffic prob¬ 
lems from your desktop. 

I spoke with Network Operations Man¬ 
ager Greg English about the benefit of 
the Engineer's Toolset to his environment. 
"We're a Cisco shop, and my network has 
more than 25,000 devices spread across 
many states," English said. "The Engineer's 
Toolset has a number of tools geared specifi¬ 
cally for Cisco equipment. Many of the tools 
can be found elsewhere as standalone utili¬ 
ties or as part of another package or even as 
freeware, but SolarWinds has bundled them 
together in a useful toolbar. I know the tools 
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are up-to-date, virus-free, and right at my 
fingertips when I need them." English also 
values the fact that all the tools are aware of 
the other tools in the toolset and will invoke 
one another when necessary. "I don't have 
to remember where I've stored each tool 
and what it's called." 

—Jason Bovberg 


Silver: Observer 

Network Instruments 

www.networkinstruments.com 

Why it won: Our editors value Network 
Instruments' Observer as a ground-up, 
end-to-end networking-monitoring solu¬ 
tion from a company that's always at the 
bleeding edge of the latest networking 
technologies and features, such as 10GbE 
and IPv6. 

Bronze: OmniPeek 

WildPackets 

www.wildpackets.com 

Why it won: WildPackets' impressive 
OmniPeek family of products gives you 
real-time visibility into every part of your 
network—from a single interface. Also, 
WildPackets recognizes the benefit of 
statistical and packet monitoring working 
together. 


Scripting Winners 

Gold: Admin Script Editor 
iTripoli 

www.adminscripteditor.com 

Why it won: Busy Windows systems 
administrators can use scripts to save time, 
but trying to write them can be frustrat¬ 
ing when you're new to scripting. Admin 
Script Editor helps turn that frustration 
into success. 

I n today's fast-paced business 
world, employees are often 
asked to take on more respon¬ 
sibilities. To make time for 
those new jobs, administrators 
can use scripts to automate the 
repetitive, time-consuming tasks they cur¬ 
rently perform. However, writing scripts is 
new to many administrators, and having 
the right tool for the job can be the 
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difference between frustration and suc¬ 
cess. One extremely helpful tool is iTripoli's 
Admin Script Editor (ASE). 

Designed for Windows administra¬ 
tors, ASE supports the scripting languages 
they're likely to use, including batch, 
VBScript, KiXtart, and Windows Power- 
Shell. Point-and-click code-generation 
tools—such as the WMI Wizard, ADSI 
Wizard, Logon Script Builder, and Data¬ 
base Wizard—make it easy for novice script 
writers to create scripts. More experienced 
users will find such features as ScriptBits 
(a repository for reusable code snippets), 
Advanced Query Builder (which helps 
build complex database queries), and 
Script Packager (which turns scripts into 
executable packages) useful. 

Script Packager is a feature that Chang 
Lu, a senior systems administrator of Win¬ 
dows platforms, has found very helpful. “I 
like Admin Script Editor because it lets me 
package VBScript, JScript, batch, Windows 
Script file (.wsf), Autolt, KiXtart, and other 
scripts," notes Chang. “In fact, I even pack¬ 
aged several HTAs and distributed them as 
programs. In the executable file, you can 
include such information as the version, 
description, company, and comments, just 
like you find in other types of programs." 

—Karen Bemowski 


Silver: PrimalScript 2007 
SAPIEN Technologies 
www.sapien.com 

Why it won: Although SAPIEN Technolo¬ 
gies' PrimalScript has been around for two 
decades, the company isn't resting on its 
laurels. PrimalScript 2007's new cus¬ 
tomizable Ul and an ActiveX Data Objects 
wizard are among the improvements in 
the newest version. 

Bronze: UltraEdit 

IDM Computer Solutions 

www.ultraedit.com 

Why it won: Administrators who are jacks- 
of-all-trades will find UltraEdit's environ¬ 
ments as versatile as they are. UltraEdit 
offers preconfigured and customizable 
environments for automating a systems 
administration task with a VBScript script, 


editing a Web page, creating a Visual Basic 
project, or performing some other task. 


Security Winners 

Gold: Astaro Security Gateway 
Astaro 

www.astaro.com 

Why it won: Web filtering has taken on in¬ 
creased importance as attacks on business 
networks have expanded from viruses in 
email attachments to phishing attempts 
embedded in Web sites. Astaro Security 
Gateway addresses these and other Inter¬ 
net threats and is easy to configure and 
reasonably priced. 

T he appeal of a Unified Threat 
Management appliance is 
obvious. What could be more 
attractive to a security admin¬ 
istrator than comprehensive 
protection from multiple Inter¬ 
net-borne threats in one easy-to-manage 
box? These days, users who happen to 
visit the wrong Web site at the wrong time 
can easily have their identity stolen or can 
unknowingly download a virus just as if they 
had opened an infected email attachment. 
To the standard core gateway features of fire¬ 
wall, VPN, and intrusion prevention, Astaro 
Security Gateway adds Web URL filtering 
and malware detection; email antispam, 
antivirus, and antiphishing capabilities; and 
email encryption. 

Astaro Security Gateway impressed 
one of our product reviewers. In his 
review “Astaro Security Gateway 220" 
(December 2007, InstantDoc ID 97266) , 
John Green summarized the product's 
strong points as follows: “Broad feature 
set includes email encryption and sign¬ 
ing, VPN, firewall, and antivirus; setup is 
easy, with many configuration options; 
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Web-based administrative interface is 
very responsive; product is available both 
as an appliance and as software; licens¬ 
ing is favorable, including free use for as 
many as 10 IP addresses in home environ¬ 
ment" 

The most recent version of the Astaro 
Security Gateway software, released in 
December 2007, features a new HTTP 
proxy engine that boosts performance 
and provides other improvements. The 
product can also be deployed as a vir¬ 
tual appliance running on VMware ESX 
Server. The feature set, flexibility, and 
configurability of this perimeter security 
appliance make it our pick for security 
product of the year. 

—Renee Munshi 


Silver: Catbird V-Agent 
Catbird Networks 
www.catbird.com 

Why it won: Security for mixed physi¬ 
cal and virtual assets is becoming a top 
priority for IT pros, and Catbird V-Agent 
is one of the best solutions available. It 
also helps handle complex compliance 
and auditing requirements for virtual 
machines. 

Bronze: OmniAccess 3500 Nonstop 
Laptop Guardian 
Alcatel-Lucent 
www.alcatel.com 

Why it won: As the workforce becomes 
ever more mobile, managing and secur¬ 
ing laptops can be—and often is—a full¬ 
time job. The Alcatel-Lucent OmniAccess 
3500 Nonstop Laptop Guardian gives 
you the tools you need to track and man¬ 
age mobile assets with ease. 


Storage Winners 

Gold: RamSan-500 
Texas Memory Systems 
www.superssd.com 

Why it won: The RamSan-500 makes the 
jump into solid-state-disk technology, 
providing the most storage capacity for 
the best price. 

I n the past, storage has focused 
on DAS, NAS, and SANs (includ¬ 
ing iSCSI SANs). But the latest 
advancement in storage technol¬ 
ogy, solid state disk (SSD), pro¬ 
vides many advantages over those 
options. Because no rotation is involved, 
there are no moving parts and data access 
is faster—SSD access times range from 10 to 
15 microseconds, which is 250 times as fast 
as hard disk drives. The lack of moving parts 
also means increased reliability, and SSDs 
use less power than other storage options. 
Texas Memory Systems' RamSan-500 pro¬ 
vides all these advantages and is one of the 
best SSDs on the market today. 

The RamSan-500 provides up to 2TB 
of storage, with as many as 100,000 I/O 
operations per second (IOPS) sustained 
random reads, 10,000 IOPS sustained ran¬ 
dom writes, and 2GBps of sustained ran¬ 
dom read/write bandwidth. Texas Memory 
Systems notes that "compared to a similar 
capacity high-end hard disk-based RAID 
system, the RamSan-500 can deliver in 
excess of 16 times the performance while 
using 50 percent less power." In addition, 
the RamSan-500 costs less than competing 
products; you get all these bells and whis¬ 
tles for a price similar to enterprise RAID 
storage. Windows IT Pro Technical Director 
Michael Otey prefers the RamSan-500 to 
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BiTMICRO's similar product because of the 
RamSan's price and capacity. 

—Lavon Peters 

Silver: Dell EqualLogic PS5000E 
Dell EqualLogic 
www.dell.conn/equalloqic 

Why it won: The Dell EqualLogic PS5000E 

iSCSI array provides cost-effective capac¬ 
ity, scalability, and optimal performance 
for common business applications. 

Bronze: E-Disk Altima ATA-133 

BiTMICRO 

www.bitmicro.com 

Why it won: The E-Disk Altima ATA-1 33 

provides huge storage capacities in a 
standard disk drive form factor. 


SharePoint Winners 

Gold: File Migrator for SharePoint 
Quest Software 
www.quest.com 

Why it won: As companies flock to Micro¬ 
soft's SharePoint collaboration platform, 
they face having to move massive quanti¬ 
ties of information from their file share in¬ 
frastructure into SharePoint. File Migrator 
for SharePoint provides the best solution 
to that problem. 


b; 


) usinesses have long used 
'file shares to store important 
company information, but in 
today's highly collaborative busi¬ 
ness environments, information 
workers increasingly need func¬ 
tionality that file shares don't provide, such 
as version history, content approval, work- 
flow, offline access, and content manage¬ 
ment. Microsoft's SharePoint collaboration 
platform provides a robust solution for 
these companies, but they still face a major 
stumbling block: the complexity of moving 
all that data into a SharePoint environment. 
SharePoint provides no help for doing that 
job. But Quest Software's File Migrator for 
SharePoint does. 

Doug Davis, director of product manage¬ 
ment for Quest, says people are definitely 
buying into the concept of SharePoint as 
the "next-generation file share." With File 
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Migrator for SharePoint, companies 
don't have to blindly move content 
into a SharePoint repository. 

"File Migrator lets you schedule 
and execute bulk file migrations, 
cleanse and filter data as you move 
it, and structure the data to fit your 
needs," Davis said. "You can add 
metadata on top of it to classify and 
categorize it. This categorization and 
classification of data is one of the cru¬ 
cial components of why people want to 
move to SharePoint. Having that in an 
automated migration tool is extremely 
valuable." We agree, and File Migrator 
for SharePoint gets our Editors' Best 
award for the top SharePoint product. 

—Gayle Rodcay 

Silver: DocAve 4.5 Backup and 
Recovery for SharePoint 
AvePoint 

www.avepoint.com 

Why it won: A comprehensive backup 
system is essential for protecting an or¬ 
ganization's valuable SharePoint content. 
DocAve 4.5 Backup and Recovery for 
SharePoint offers granular, real-time back¬ 
up and on-demand restore capabilities for 
your entire SharePoint environment. 

Bronze: Colligo Contributor Pro 
for SharePoint 
Colligo Networks 
www.colliqo.com 

Why it won: As the mobile workforce con¬ 
tinues to grow, the ability to collaborate 
both online and offline becomes more 
and more important. Colligo Contributor 
for SharePoint lets mobile users bring the 
SharePoint environment to their desktops, 
letting them easily access, modify, and 
create SharePoint content through familiar 
interfaces. 


Systems 

Management Winners 

Gold: Active Administrator 

ScriptLogic 

www.scriptloqic.com 

Why it won: Managing AD and Group Poli¬ 
cy can be an onerous task, but Scriptlogic's 
Active Administrator steps in to lessen 
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the load. The product includes a host of 
features, but the streamlined Ul, helpful 
support, and overall ease of use make 
Active Administrator a clear winner. 

A D and Group Policy are joined 
at the hip, so to speak, so it's no 
surprise that vendors offer tools 
to manage both. What might be 
surprising, though, is why one 
product in the market, Script- 
Logic's Active Administrator, stands out: 
for its usability. As any admin knows, the 
gap between acquiring a tool and actually 
using it productively is often a bottomless 
crevasse—enthusiasm cools if a tool takes 
too much effort to use. 

In his November 2007 comparative review 
of Group Policy management tools ("3 Tools 
to Manage Group Policy," InstantDoc ID 
97228) , Windows IT Pro contributing editor 
Eric Rux tested NetPro, NetlQ, and Script- 
Logic solutions. He concluded that "Script- 
Logic's Active Administrator had the best look 
and feel, was the most intuitive, and includes 
extra features to help manage Group Policy." 

Adds Senior Systems Engineer Tory 
Skyers, "You can have this product installed 
and truly functional in less than 30 minutes, 
no exaggeration." Ease of use translated to 
a quick response when an administrator 
deleted a high-level executive's ad account 
by accident. "The Help desk alerted us that 
the VIP was having a problem, and within a 
few minutes we knew who, when, and from 
where it was deleted and had the object 
(including passwords) restored," Skyers 
said. "About the only addition I can see a 
need for is delegation within the product 
itself (i.e., levels of access to make changes 
to program settings); other than that, I can't 



really think of much I'd change. This 
product has paid for itself many times 
over in admin time saved alone, not to 
mention Group Policy backups, GPO 
modeling, and super-detailed permis¬ 
sion delegation and templating. We've 
gotten so used to having it around that 
I honestly have no idea what we would 
do without it." 

—Caroline Marwitz 

Silver: ActiveRoles Server 
Quest Software 
www.quest.com 

Why it won: ActiveRoles Server offers 
role-based management of AD, let¬ 
ting admins delegate tasks while maintain¬ 
ing security and control. Especially useful 
for overworked IT pros is its Web interface 
and automated user provisioning process. 

Bronze: AppManager 
NetlQ 

www.netiq.com 

Why it won: Designed for easy deploy¬ 
ment, AppManager's big appeal is its abil¬ 
ity to be customized. Its visual mapping of 
IT resources helps when prioritizing admin 
responses to system problems. 


Training and 
Certification Winners 

Gold: KSource Online Learning 
AppDev 

www.appdev.com 

Why it won: A high-quality on-demand 
training program, combined with a flexible 
online delivery method, makes KSource 
Online Learning the best online training 
and certification program currently avail¬ 
able. 


K eeping IT skills current is 
difficult for many IT pros to 
squeeze into their overbooked 
schedules, but it's made easier by 
vendors that provide training and 
certification courses, DVDs, and 
other materials. One of the most innovative 
programs we've seen is KSource Online 
Learning. 

You can choose a hosted version of 
KSource (accessible over the Internet) or 
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ALTERNATIVE THINKING ABOUT SERVER MANAGEMENT: 


You don't have to be in your server room to manage your servers. 


The HP ProLiant DL385 G5 Server, featuring efficient Quad-Core AMD Opteron™ processors, lets you manage it from your office in 
San Diego while it sits in Boston. Remote Management (iL02) lets you control, reboot and troubleshoot from practically anywhere, 
even when the server is off. 


Technology for better business outcomes. 






HP ProLiant DL385 G5 

$2275 (Save $850) 


HP StorageWorks Ultrium 
448 Tape Drive SAS Bundle 

$1649 


Lease for as low as $39/mo 1 for 48 months 
Smart (PN: AG739A) 

• 400 GB compressed capacity in half-height 
form factor 


Lease for as low as $54^0' for 48 months 
Smart (PN: 464211-005) 

• 2 Quad-Core AMD Opteron™ processors 

• Supports small form factor, high-performance 
SAS or low-cost SATA hard drives 

• Redundant Power 

• Integrated Lights-Out (iL02), Systems 
Insight Manager, SmartStart 

Get More: 

Smartljij^l 24x7, 4 hour response, 3 years 
(PN: UE894E) $689 

Smart Add 2 GB additional memory 

(PN: 408851-S21) $159 


10,000,000 IT. folks can't be wrong. 

To learn more, call 1-888-233-0071 or visit hp.com/go/dependable19 


• Ships with Data Protector Express Software, 
One Button Disaster Recovery, a 1U 
Rackmount Kit, and a Host Bus Adapter 


Prices shown are HP Direct prices; reseller and retail prices may vary. Prices shown are subject to change and do not include applicable state and local taxes or shipping to recipient’s address. Offers cannot be 
combined with any other offer or discount and are good while supplies last. All featured offers available in U.S. only. Savings based on HP published list prices of configure-to-order equivalent ($3125 - $850 
instant savings = SmartBuy price of $2,275). 1. Financing available through Hewlett-Packard Financial Services Company (HPFS) to qualified commercial customers in the U.S. and subject to credit approval 
and execution of standard HPFS documentation. Prices shown are based on a lease of 48 months in terms with a fair market value purchase option at the end of the term. Rates based on an original transaction 
size between $3,000 and $25,000. Other rates apply for other terms and transaction sizes. Financing available on transactions greater than $349 through September 30, 2008. HPFS reserves the right to 
change or cancel these programs at any time without notice. AMD, the AMD Arrow logo, AMD Opteron, and combinations thereof are trademarks of Advanced Micro Devices, Inc. (c) 2008 Hewlett-Packard 
Development Company, L.P The information contained herein is subject to change without notice. 
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Preparation is one 
of the best MCSE 
training programs 
currently available. 


Virtualization 

Winners 

Gold: Parallels 

Virtuozzo 

Containers 

Parallels 

www.parallels 

.com 


install a local version on your network. 
Both options give you 24 x 7 access to edu¬ 
cational content in dozens of content areas, 
including such popular topics as Microsoft 
Visual Studio 2008, Microsoft Office Share- 
Point Server 2007, and Silverlight 2. 

IT Manager Dennis Podgorski has used 
AppDev products and can attest to the qual¬ 
ity of the training programs. "I checked out 
the AppDev Web site and saw that AppDev's 
training products weren't that expensive, and 
I liked that I could sample the products before 
purchasing," says Podgorski. “I considered 
attending an offsite training program as an 
alternative to AppDev's training products, but 
that just wasn't an option in our small work 
environment. After using both the SQL Server 
2005 and Java training programs, I managed 
to leam what I needed to—all without having 
to be away from office, and it didn't cost me 
my entire training budget to do it." 

—JeffJames 


Silver: MCSE Boot Camp 
Mountain View Systems 
www.mntview.com 

Why it won: High-quality content and af¬ 
fordable program options make Mountain 
View Systems' MCSE Boot Camp an excel¬ 
lent choice for IT pros looking to update 
their skills. 

Bronze: MCSE 2003 Exam 
Preparation 
Transcender 
www.transcender.com 

Why it won: With seven exams and 
specialized information on messaging and 
security,Transcender's MCSE 2003 Exam 


Why it won: A unique OS-level virtualiza¬ 
tion approach makes Parallels Virtuozzo 
Containers a better (and cheaper) solution 
than other virtualization offerings. 

A lthough the likes of Citrix, 
VMware, and Microsoft dom¬ 
inate the virtualization headlines, 
that hasn't stopped Parallels from 
becoming a significant player in 
the virtualization arena. Paral¬ 
lels excels at looking at an existing market 
from a new angle, and Parallels Virtuozzo 
Containers is a perfect example of that 
philosophy. 

Unlike hypervisor-based products 
such as VMware ESX Server and Microsoft 
Hyper-V, Virtuozzo Containers takes an 
OS-level virtualization approach. Running 
on top of the host OS, this approach doesn't 
virtualize hardware, instead relying on the 
host OS's hardware and device drivers. 
Because fewer assets are virtualized, Vir¬ 
tuozzo Containers can support more virtual 
environments on a system than hypervisor- 
based solutions can. It might not be the 
right approach for every situation, but the 
performance and density of virtual envi¬ 
ronments makes this product a compelling 
choice for many businesses. 

"Speed is the difference between profit 
and loss in the financial business," says 
Arup Das, chief technology officer of Asset 
Management Company. "We run 80,000 
SQL transactions over a four-hour period 
on Parallels Virtuozzo Containers, so supe¬ 
rior performance and the ability to handle 
high I/O workloads is critical." 

Das points to the performance benefits 
that this virtualization approach has over 
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competing solutions. "We were particu¬ 
larly impressed with Parallels Virtuozzo 
Containers, as OS virtualization avoids 
the poor performance caused by double 
caching, which is associated with virtu¬ 
alizing the hardware," says Das. "With 
hardware virtualization [solutions] like 
VMware, each VM has to write to both 
itself and the physical server, which can 
really erode the efficiency being gained. 
This is particularly important to us, as we 
wanted to virtualize Microsoft SQL Server 
and Oracle databases and needed to avoid 
degradation in I/O." 

—JeffJames 


Silver: VMware ThinApp 
VMware 

www.vmware.com 

Why it won: Thinstall's name changed to 
VMware ThinApp in the midst of our judg¬ 
ing, but everything that makes this a great 
application virtualization product has 
remained the same. If you need an easy, 
no-fuss way to virtualize applications, you 
should take a close look at ThinApp. 

Bronze: everRun VM 
Marathon Technologies 
www.marathontechnoloqies.com 

Why it won: Do you need to protect your 
virtual infrastructure from data loss and 
catastrophic outages? everRun VM does 
that—and more. It's easy to use and easy 
to deploy, and is bundled with top-notch 
support options. 

InstantDoc ID 99542 



www.windowsitpro.com 


36 AUGUST 2008 Windows IT Pro 


























FEATURE 


Favorite 
products from 
our readers 

by the Windows 
IT Pro Editors 


WhtalTfto 

COMMUNITY 




In contrast to all the other award categories in this issue, the Windows IT Pro 
Community Choice Awards are selected by you, the readers of Windows IT 
Pro and SQL Server Magazine. Hundreds of Windows IT Pro Web site visitors 
and online forum members voted in these awards, which eventually resulted in 
24 finalists and winners in eight categories. 

As with all the other awards presented in this issue, we want to hear what you think 
about the choices made here. Do you think an important product was overlooked, or that a 
lackluster product was given accolades that it doesn't deserve? Please visit the Windows IT 
Pro online forums (www.windowsitpro.com/forums) and let us know what you think! 


Light Database Tools 

Winner: Microsoft SQL Server 2005 Express 
Microsoft 

www.microsoft.com 


Why it won: This limited-feature variant of Microsoft 
SQL Server 2005 is long on value as well as capabil¬ 
ity: It's free! You'll be amazed at how much you can 
accomplish with SQL Server 2005 Express—it's an 
excellent choice for someone whose database needs 
are modest. 



I n a world where weighty IT applications 
such as SQL Server 2005 command hefty 
prices, it's nice to find a product that's long 
on capability but light on your IT budget. You 
can't beat free as far as pricing goes, a lesson 
not lost on Microsoft when it created SQL 


Server 2005 Express Edition. 


Granted, SQL Server Express doesn't offer as many 
features as its costly counterpart does. In his Web- 
exclusive article “Contenders for the Express Database 
Crown" (www.sqlmag.com, InstantDoc I D 94459) , Win¬ 
dows IT Pro Technical Director Michael Otey extols the 
virtues of SQL Server Express over some of its light-duty 
database competitors. 

“SQL Server Express provides high levels of perfor¬ 
mance and deep CLR and XML integration. If, like most 
developers, you're using Microsoft .NET technologies 
and you're developing for the Windows platform that 
makes up the bulk of the desktop market, SQL Server 
Express is a great choice because its integration with the 
Visual Studio 2005 development product is unequaled," 
says Otey. “SQL Server Express Advanced Edition also 
includes the SQL Server Management Studio Express 
(SSMSE) management GUI and support for SQL Server 
2005 Reporting Services, a component that has no 
equivalent in the other lightweight database products." 
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Other SQL Server Express features are a 
boon for helping DBAs get new projects up 
and running quickly. Microsoft includes 10 
database schemas that take the guesswork 
out of creating small database projects, 
including ones for e-commerce, product 
catalogs, nonprofit groups, and contact 
management. Combine that with a wealth 
of sample databases, tutorials, online help, 
and other free training tools, and SQL 
Server Express emerges as a powerful entry- 
to midlevel database tool in its own right. 

—JeffJames 


Silver: MySQL 5.0 

MySQL AB 

www.mysql.com 

Bronze: Microsoft SQL Server 

Compact 3.5 

Microsoft 

www.microsoft.com 


Antispam Solution for 
Business 

Winner: McAfee Total Protection 
Service 
McAfee 

www.mcafee.com 

Why it won: McAfee Total Protection 
Service offers professional antispam and 
antivirus protection for your corporate 
email, all without requiring you to install 
or manage anything locally. Did we 
mention that the McAfee Total Protection 
Service eats spam for lunch? 

O ur modern lives are filled with 
annoyances, few of which 
are more frustrating and time- 
consuming than email spam. 
Although individuals might 
become extremely annoyed by 
the deluge of spam they receive, the anguish 
increases exponentially when you consider 
the plight of IT pros. How do you keep 
your infrastructure—and especially your 
Exchange servers—from collapsing under 
the weight of millions of spam messages? 

If you're like many of those who voted in 
the Antispam Solution for Business award 
category, you might have already selected 
McAfee Total Protection Service. As a 
hosted service—much like Google's Postini 
and Microsoft FrontBridge—McAfee's 
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solution doesn't require software to be 
installed, nor does it eat up valuable space 
and resources running on internal servers. 
McAfee Total Protection Service also blocks 
spyware and viruses, provides a Web-based 
management console, and helps your users 
surf the Web with confidence using McAfee 
SiteAdvisor. It also happens to kill spam 
dead, which is certainly one of the reasons 
that Windows IT Pro readers voted it the 
best product in our Antispam Solution for 
Business category. 

—JeffJames 

Silver: Perimeter Manager 
Enterprise Edition 
Postini 

www.postini.com 

Bronze: Symantec Mail Security 

8200 Series 

Symantec 

www.symantec.com 


Disk Imaging Software 

Winner: Symantec Ghost Solution 

Suite 

Symantec 

www.symantec.com 

Why it won: Symantec Ghost has been 
updated and improved more than a dozen 
times, and it shows: Other disk imaging 
deployment products find it hard to com¬ 
pete with the Symantec Ghost Solution 
Suite in its price range, and voters agree 
that Ghost can't be beat. 

D epending on the size of your 
infrastructure, software deploy¬ 
ment can be relatively painless, 
or it can be time-consuming. 
Although small shops might be 
able to rely on free tools such 
as Microsoft's deployment toolkit, larger 
organizations with more complex business 
IT needs often require something more 
robust—and expensive. In "Disk Imaging 
Software for SMBs" (February 2007, Instant- 
Doc I D 94593) , Joel Barker explains that the 
right deployment tool for your needs often 
depends on the size of the organization. 

"Larger organizations can justify the 
cost of SMS and similar enterprise-class 
management servers, but small IT depart¬ 
ments have generally been priced out of any 


kind of deployment tool beyond a techni¬ 
cian with a custom image on a DVD," says 
Barker. "Symantec Ghost Solution Suite 
is an affordable product that offers a set of 
features similar to SMS as well as the ability 
to launch and manage desktop backup rou¬ 
tines .... For midsized and large companies, 
Symantec offers a panoply of features at an 
inviting price." 

—JeffJames 

Silver: AcronisTrue Image Echo 
Workstation with Acronis Universal 
Restore 
Acronis 

www.acronis.com 
Bronze: Image for Windows 
TeraByte Unlimited 
www.te ra byte unlimited.com 


Backup and Recovery 
Appliances 

Winner: HP StorageWorks D2D 
Backup System 
HP 

www.hp.com 

Why it won: HP hits the sweet spot for 
disk-based backup for small-to-midsized 
businesses with a product that makes 
automated backup and recovery easy and 
affordable and works with your existing 
tape-backup process. 

a The HP StorageWorks D2D 
I Backup System takes aim at 
two major pain points for small- 
business IT: keeping the network 
backed up consistently and being 
able to recover data quickly. 
The product gives SMBs the benefits of 
automated disk-to-disk (D2D) backup at a 
budget-friendly price of well under $3,000. 
The D2D Backup System is simple to set up, 
provides an easy-to-use Web-based admin¬ 
istration interface, and performs quickly and 
reliably. It's also compatible with existing 
tape-backup tools, such as NTBaclcup and 
Symantec Backup Exec. 

Neil Fraser of DataLogistics says a reduc¬ 
tion in backup time and improved backup 
consistency are two of the biggest benefits 
his company has seen with the Storage- 
Works D2D Backup System. "With the D2D 
product, our backup times have dropped 
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significantly, and we no longer experience 
morning network lag because of the back¬ 
ups running." Fraser says the Storage Works 
D2D product also saved money because 
DataLogistics could keep its existing tape- 
backup system. 

Like Fraser, Scott Shaw of Covente 
gives the product a thumbs-up for perform¬ 
ing backups reliably with little IT interven¬ 
tion. "We now have consistent and timely 
backups without interfering with our day- 
to-day IT operations," he says. "The virtual 
library ... allows us to keep a three-week 
rotation without ever needing to change 
tapes." 

—Anne Grubb 


Silver: SonicWALL Continuous 
Data Protection Series 
SonicWALL 
www.sonicwaH.com 
Bronze: StoreVault S500 
NetApp 

www.storevault.com 


Exchange Server 
Monitoring Tools 

Winner: Microsoft System Center 
Operations Manager 2007 
Microsoft 

www.microsoft.com 

Why it won: Its preemptive, IT service- 
based approach to monitoring, plus 
management packs that incorporate 
Microsoft's extensive knowledge of 
Exchange Server and Windows, make this 
product a standout in its class. 

I f your business depends on 
keeping a network of Exchange 
servers up and running, you're 
probably already using some type 
of Microsoft Exchange Server man¬ 
agement tool. The latest iteration of 
Microsoft's enterprise systems management 
product, System Center Operations Man¬ 
ager 2007, is notable for its use of IT service 
models, which manage a group of related 



components (e.g., server, application, Active 
Directory) together as one IT service. This 
feature, combined with management packs 
(for Exchange Server 2007 and Exchange 
Server 2003), enable proactive monitoring 
and alerting based on Microsoft's in-depth 
knowledge of Exchange. 

For companies that use the System Center 
product suite, Ops Manager 2007 with the 
Exchange management pack is a natural 
choice for Exchange monitoring. Todd Sian of 
Total Wine & More points to this integration as 
a key benefit of using the product. "This was 
an outstanding complement to the rest of the 
suite," says Sian. "The ability to proactively 
monitor and take necessary action before 
user access and performance [are affected] 
has been a big win in providing the greatest 
level of service and uptime to our end users." 

Sian says that the ability to monitor a 
clustered Exchange environment has been 
the most useful Ops Manager feature for Total 
Wine. "Proactive monitoring of our HT/CAS 
[Hub Transport/Client Access] cluster and 
CCR [cluster continuous replication] mailbox 
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EventSentry is an award-winning, affordable, feature-rich, 
proactive, real-time monitoring solution that watches over your 
servers, workstations, and network devices to ensure maximum 
availability and that also helps with compliance requirements. 

Some of the features of EventSentry include: 

• Real-Time Event Log Monitoring & Consolidation 

• Log File Monitoring (e.g. IIS, DHCP) 
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cluster is key to maintaining the highest level 
of availability possible for our end users" 

—Anne Grubb 

Silver: PROMODAG Reports for 
Microsoft Exchange Server 
PROMODAG 
www.pronriodaq.com 
Bronze: Quest MessageStats and 
Spotlight on Exchange 
Quest Software 
www.quest.com 


Uninterruptible 
Power Supplies 

Winner: Smart-UPS XL Series 
American Power Conversion 
www.apc.com 

Why it won: APC has been producing unin¬ 
terruptible power supplies (UPSs) for longer 
than just about anyone, and IT pros have 
come to rely on the vendor for some of the 
best UPS products currently available. APC 
hardware is probably sitting in your data 
center as you read this, helping keep vital 
servers and appliances up and running. 

S ome IT products are more 
glamorous than others. Virtual¬ 
ization, smart phones, big-screen 
LCDs, and speedy CPUs are the 
attention-grabbing supermodels 
of the IT product universe, but 
the venerable uninterruptible power supply 
(UPS) is an underappreciated stalwart of 
business IT. Like the clock-punching jani¬ 
tors and maintenance staff that truly keep 
an office building running, the UPS works 
tirelessly—365 days a year, 24 x 7—to keep 
vital systems up and running. 

American Power Conversion (APC) has 
been making UPS products for almost 30 
years. APC's dominance in the UPS market 
is led by products such as the Smart-UPS 
XL Series, a line of products that range in 
price from $450 to $1,800. Battery life var¬ 
ies from 3.5 to almost 9 hours, and you can 
add battery packs to push operational times 
beyond 24 hours. APC's built-in PowerChute 
UPS software helps you manage your UPS 
environment as you see fit, and an internal 
accessory slot (dubbed the SmartSlot) allows 
for additional expansion. 

—JeffJames 
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Silver: Smart-UPS SC Series 

American Power Conversion 

www.apc.com 

Bronze: Back-UPS RS Series 

American Power Conversion 

www.apc.com 


Laptop 

Synchronization 

Tools 

Winner: PCsync 
Laplink Software 
www.laplink.com 

Why it won: Rock-solid reliability and 
an impressive number of file synchroniza¬ 
tion features help make PCsync a must 
for IT pros tasked with keeping a small 
army of desktops and mobile devices in 
lockstep. 

A n increasingly mobile work¬ 
force has multiplied the chal¬ 
lenges that IT pros grapple with 
every day. Keeping files synchro¬ 
nized and updated between a 
company desktop and mobile 
devices such as laptops, smartphones, and 
PDAs is one job that must be done without 
fail if end users are to be able to do their 
work. Laplink Software's PCsync makes 
synchronization between devices easy. 

This helpful tool specializes in simplify¬ 
ing file synchronization and data transfer 
between PCs. Using a USB cable, serial 
cable, or a wired or wireless network, you 
can synchronize, merge, back up, and copy 
files from different PCs. You can also sched¬ 
ule file synchronization jobs to automati¬ 
cally synchronize multiple files and folders 
at given intervals. Laplink touts its Smart- 
XChange synchronization definition and 
tracking tool as a way to make PC-to-PC 
transfers even more efficient and painless. 
Our voters agreed, helping PCsync garner 
the most votes to emerge as the winner of 
the category. 

—Jeff James 

Silver: Sync Logic 
IPWorx.com 
www.ipworx.com 
Bronze: Beyond Compare 
Scooter Software 
www.scootersoftware.com 


KVM over IP Switches 

Winner: OmniView SMB KVM-over- 
IP Switch FI DPI 16G 
Belkin International 
www.belkin.com 

Why it won: A comprehensive feature set 
and a competitive price help make the 
OmniView SMB KVM-over-IP switch hard 
to beat in this category. 

I f you have a data center packed with doz¬ 
ens of servers and appliances, how do you 
manage all of them without a tangled mess 
of monitors, keyboards, and mouse devices? 
Using a KVM switch is a good answer, and 
Belkin's solution to the problem seems better 
than most. The Belkin OmniView SMB KVM- 
over-IP Switch F1DP116G includes native 
CAT5 support and can be used to manage 
up to 248 servers (via daisy-chaining) from a 
single console. 

"Our IT department considered several 
KVM-over-IP products for our needs, but the 
Belkin offered the best performance for the 
money," says Darrell Bradshaw, marketing 
manager at Transource, a computer reseller 
that specializes in servicing contracts from 
the federal government. "The installation 
was straightforward, and the browser-based 
interface [used to access different servers] is 
easy to use. We've been using the product 
for about eight months and haven't had any 
problems or issues to report." Bradshaw says 
that his company also uses a fair amount of 
Avocent KVM hardware, but stressed that 
the cost of the OmniView SMB switch was a 
key factor in making that purchase. 

Combine competitive pricing with 
advanced features, such as BIOS-level 
access to connected servers, 128-bit SSL 
encryption, and support for serial devices, 
and the OmniView SMB switch emerges 
as the most popular product in this award 
category. 

—JeffJames 

Silver: OmniView Remote IP Device 
with Virtual Media F1DE101H 
Belkin International 
www.belkin.com 
Bronze: APC 16-Port IP KVM 
American Power Conversion 
www.apc.com 0 
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[Editor's Note: Unlike past years, this year's TechEd was split into 
two events. TechEd Developers 2008 (held June 3-6) focused on the 
development side of business IT, and TechEd IT Professionals (held 
June JO-13) centered on content more useful for IT pros and network 
administrators. We present the TechEd IT Professionals winners in 
this issue of Windows IT Pro; for the Best of TechEd Developers 2008 
awards, see the August issue of SQL Server Magazine.] 

The Best of TechEd awards, produced by Windows IT Pro and SQL 
Server Magazine, recognize innovative products and services offered by 
Microsoft partners that exhibited at TechEd IT Professionals 2008. 

Our judges were Windows IT Pro and SQL Server Magazine editors, who win¬ 
nowed the 228 submissions to 29 finalists. On site in Orlando, Technical Director Michael 
Otey, Executive Editor Amy Eisenberg, and Senior Editors Jeff James and Sheila Molnar 
attended presentations by all the finalists to determine the winners in all 11 categories, 
including the Breakthrough Product category for the most outstanding product of the show. 
The judges evaluated the entries according to three criteria: strategic importance to the 
market, competitive advantage, and value to customers. And, like last year, show attendees 
voted to determine the winner of the Attendees' Pick award. 
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Best Messaging Product 

OneServer Virtual Edition 

I ur Best Messaging Product 
winner is Azaleos' OneServer 
Virtual Edition, a one-stop vir¬ 
tual infrastructure solution for 
Microsoft Exchange 2007. Some IT pros have 
been reluctant to virtualize their Exchange 
servers, but the maturation and stability of 
virtualization technology—combined with 
powerful and inexpensive hardware—take 
away previous reasons for concern. Accord¬ 
ing to Azaleos, a typical Exchange installa¬ 
tion requires four physical servers for the 
three primary server roles. With OneServer 
Virtual Edition, IT pros can reduce that 
hardware requirement to two servers and 
one storage device. Combined with Azaleos 
OneStop managed services, OneServer Vir¬ 
tual Edition can reduce hardware and power 
costs, improve system availability, stream¬ 
line deployment, and offer improved perfor¬ 
mance for Exchange 2007 installations. 

—JeffJames 


Best Business Intelligence 
Product 

OfficeWriter 


I icrosoft Office and Micro¬ 
soft Excel are two of the 
most popular business applica¬ 
tions available today. So why not 
leverage those applications to meet your 
business intelligence (BI) needs? SoftArti- 
sans answered that question with its excel¬ 
lent OfficeWriter application, which does 
exactly that. OfficeWriter can connect to 
SQL Server Analysis Services and other 
databases and deliver fully functional Excel 
and Word documents over the Web. One 
really cool feature of OfficeWriter is its 
ability to preserve all of the original docu¬ 
ment functionality, such as macros and 
pivot tables. Want more? OfficeWriter offers 
bidirectional data updating (a feature that 
lets end users update data sources through 
Excel or Word) and supports .NET Frame¬ 
work 2.0. If you're looking to leverage your 
existing office applications to meet your BI 
needs, OfficeWriter might fit the bill. 

—Amy Eisenberg 




Best SharePoint Product 

DocAve Software Platform 

*harePoint use is exploding, 
'and administrators tasked 
with managing it need help. Ave- 
Point's DocAve Software Platform 
provides an integrated environment for 
SharePoint management, disaster recov¬ 
ery, and real-time backup. A discovery tool 
helps you find SharePoint installations in 
your enterprise, and a consistent, Web- 
based management GUI makes manag¬ 
ing all the product's features a snap. You 
can install DocAve Software Platform as 
a cohesive system or deploy each mod¬ 
ule individually. The administration tools 
make it easy to replicate and administer 
your content, and a compliance module 
can help you ensure that your SharePoint 
infrastructure adheres to compliance and 
auditing regulations. Finally, user and con¬ 
tent migration tools simplify the process of 
moving people and assets into your Share- 
Point infrastructure. 

—Jeff James 


Best Hardware, Networking, 
or Storage Product 

Strangeloop WS1000 Web Services 
Accelerator 

"loud computing and hosted 
-services have been getting a 
lot of attention lately, a situa¬ 
tion that translates into greater 
demands being placed on Web services. 
Accelerating the performance of those Web 
services is the focus of the Strangeloop 
WS1000 Web Services Accelerator, an 
appliance that you install between a Web 
server and the Web applications that are 
placing demand on that server. The WS1000 
uses a combination of hardware and smart 
software algorithms that can dramatically 
reduce the load on Web servers and increase 
the performance of Web services by an order 
of magnitude. The Strangeloop WSlOOO's 
advanced caching technologies also enable 
plug-and-play performance optimization 
without requiring any changes to the Web 
services application code. 

—Michael Otey 




Best Database 
Administration Product 

SQL diagnostic manager 

I n the Database Administration 
category, our Best of TechEd 
award goes to Idera's SQL diag¬ 
nostic manager. SQL diagnostic 
manager lets you monitor SQL Server per¬ 
formance as well as diagnose and analyze 
performance problems. The product can 
record comprehensive performance histo¬ 
ries of monitored servers, which enables the 
administrator to see trending and analysis of 
previous system problems. It also monitors 
more than 230 performance criteria, all of 
which you can organize, view, and analyze 
via a powerful command console. Com¬ 
bine that plethora of robust features with a 
speedy, agentless installation process, and 
SQL diagnostic manager makes database 
administration easier than ever. 

—Michael Otey 


Best Productivity and 
Collaboration Product 

Colligo Contributor Pro for SharePoint 


* iving users access to company 
I information on the road is 
essential. Colligo Contributor Pro 
lets users access and edit SharePoint 
content offline as well as online. A handy Col¬ 
ligo add-in for Microsoft Office Outlook also 
makes publishing SharePoint content as easy 
as dragging and dropping an email from one 
screen location to another. Colligo Contribu¬ 
tor Pro is easy to deploy, with a 5MB client, no 
required server installation, and full support 
for Windows SharePoint Services (WSS) 3.0, 
WSS 2.0, Microsoft Office SharePoint Server 
2007, and Microsoft SharePoint Portal Server 
2003, as well as integration with Outlook 2007 
and 2003. This product also lets SharePoint 
administrators configure and set user permis¬ 
sions, support SharePoint clients in disparate 
physical locations, and even develop custom 
SharePoint clients by using the Colligo Con¬ 
tributor Software Development Kit. For all 
these reasons—and more—Colligo Contribu¬ 
tor Pro is our winner in the Productivity and 
Collaboration category. 

—JeffJames 
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Best Security Product 

ScanMail for Microsoft Exchange 



" he winner in the security cat¬ 
egory is Trend Micro's Scan- 
Mail for Microsoft Exchange. 
ScanMail for Microsoft Exchange 
provides comprehensive email security, 
including antivirus, antispyware, and zero- 
day virus protection. In addition, ScanMail 
can stop spam and phishing threats and 
block inappropriate Web content. A recent 
survey by Osterman Research (commis¬ 
sioned by Trend Micro) interviewed more 
than a hundred IT professionals about the 
costs they incurred when deploying and 
managing messaging security solutions 
designed for Exchange environments. The 
survey revealed that ScanMail for Exchange 
provided the lowest cost of ownership for 
organizations with fewer than 2,500 seats. 
Combine that low cost of ownership with 
ScanMail's impressive feature set, and IT 
pros looking for email security would be well 
advised to give this product a look. 

—Michael Otey 


Best Virtualization Product 

VMware Infrastructure 3 



"he winner in our Virtualiza¬ 
tion category is VMware Infra¬ 
structure 3 (VI3). Virtualization 
is taking the IT world by storm, 
and VMware has been driving that change. 
Although vendors such as Citrixand Microsoft 
are hoping to chip away at its market-leading 
position, VMware is currently in the driver's 
seat. The VI3 suite is available in a variety of 
configurations and includes several products 
that can make your virtualized infrastructure 
more efficient. VMware Consolidated Backup, 
VMware Distributed Resource Scheduler, 
and VMware High Availability are just a few 
of the VI3 suite components that can drive 
improvements to efficiency and utilization 
while holding down costs. An optimized vir¬ 
tualization infrastructure lets IT pros dynami¬ 
cally provision and migrate resources through 
the enterprise to match changing business 
demands, and no virtualization product suite 
does that better than VI3. 

—JeffJames 


Best Systems 
Management and 
Operations Product 

Athena 



thena by Odyssey Software is 
\b. management solution for 
Windows-based mobile devices 
that integrates into the Microsoft 
System Center management interface. With 
Athena, you can detect and catalog deployed 
mobile devices, monitor the status of con¬ 
nected assets, and deploy software updates 
and applications. Available feature packs 
let you incorporate additional features, such 
as asset reporting, software provisioning, 
security, and improved support, into your 
Athena environment. The product integrates 
with Microsoft Systems Management Server 
2003 and System Center Configuration Man¬ 
ager 2007 to help IT pros more easily super¬ 
vise, manage, monitor, and secure Windows 
Mobile infrastructures. 

—Amy Eisenherg 


Breakthrough Product 

PowerGUI 



^ith millions of downloads 
and robust support for 
many Microsoft applications, 
Windows PowerShell is one of the 
most popular tools to hit the IT industry in 
years. Its powerful scripting features give 
IT pros new ways to manage the IT infra¬ 
structure. And no product makes Power- 
Shell easier to use than Quest Software's 
PowerGUI, a scripting and command shell 
platform. If you're an IT pro who isn't fond 
of scripting, or a VBScript expert who's 
not eager to learn a new scripting system, 
PowerGUI could be the tool you've been 
waiting for. PowerGUI provides point-and- 
click access to most PowerShell features and 
can convert VBScript expressions into their 
PowerShell equivalents. Combined with 
the VMware Infrastructure Toolkit and a 
few other tools, PowerGUI can also be used 
with PowerShell to manipulate VMware ESX 
Server virtual machines. All these features 
(and more) make PowerGUI the winner of 
our Breakthrough Product award. 

—JeffJames 


Attendees'Pick 

Replicator for SharePoint 



I nlike all the other award 
categories at TechEd, the 
Attendees' Pick award is chosen 
by TechEd attendees who voted for their 
favorite products. Dozens of products were 
chosen by popular vote, and the winner— 
Syntergy's Replicator for SharePoint—gar¬ 
nered the most votes to emerge victorious. 
Replicator is designed to help IT pros man¬ 
age large SharePoint environments and is 
particularly helpful with the task of keeping 


"Judges 
evaluated 
the entries 
according to 
three criteria: 
strategic 
importance 
to the market, 
competitive 
advantage, 
and value to 
customers." 


geographically diverse SharePoint installa¬ 
tions and content synchronized and com¬ 
patible. Replicator can create links between 
SharePoint servers, which can then use 
bidirectional data transfer to keep con¬ 
tent and configuration consistent between 
them. Replicator can also keep users and 
group data synchronized between servers, 
replicate permissions, and perform dozens 
of other helpful SharePoint management 
tasks to relieve overworked administrators. 

—Jeff James 
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SOLUTIONS PLUS 




PROBLEM: 

Without access to a server, 
users can't access all features 
of their SoftGrid applications 
on the road. 

SOLUTION: 

Pre-load applications by 
converting an existing 
SoftGrid sequence to an .msi 
file and deploying that file 
by using Group Policy, SCCM, 
or any systems management 
tool. 

WHATYOU NEED: 

An existing SoftGrid 
implementation; MSI Utility for 
Microsoft SoftGrid Application 
Virtualization; and the SoftGrid 
4.2.1 client 

SOLUTION STEPS: 

1. Have a SoftGrid 
infrastructure already in place. 

2. Get the MSI Utility for 
Microsoft SoftGrid Application 
Virtualization. 

3. Make sure you have an 
updated SoftGrid 4.2.1 client 
running in Offline mode on 
your target system. 

4. Convert an existing SoftGrid 
sequence to an .msi file. 

5. Deploy the .msi file using 
Group Policy, SCCM, or any 
systems management tool. 

DIFFICULTY: 

•••oo 


Making 

SoftGrid Apps 

Work On the 

Road 


by Jeremy 
Moskowitz 


Wrap SoftGrid sequences 
as MSI files 



Editor's note: This article is about Microsoft 
SoftGrid Application Virtualization, the prod¬ 
uct that was currently shipping at press time, 
and might not be valid for future editions of 
this product, known as Microsoft Application 
Virtualization. 

'm a big Microsoft SoftGrid Applica¬ 
tion Virtualization fan. With Soft- 
Grid, I don't have to actually install 
applications directly on my client 
machines. Instead, I get the sweet 
ability to let users run applications 
that are on a server but use the client com¬ 
puter's horsepower—and I don't have to 
worry about the dirty job of han¬ 
dling software conflicts. Even if 
users have never used an appli¬ 
cation before, they just click an 
application's icon on the desktop 
or Start Menu and the applica¬ 
tion launches from the server- 
all the while, the application is 
never actually installed on the 
client machine. 

Once you've set up SoftGrid 
on the server and clients (see 
“SoftGrid for Application Vir¬ 
tualization," September 2007, 
InstantDoc I D 96625) it elegantly 
distributes the application: First, 

We're in IT with You 



the SoftGrid client makes a request to the 
server, then the server streams as much of the 
application as the user needs at that moment. 
On the client, SoftGrid caches any part of an 
application that a user accesses. If a user has 
previously used an application, or even just 
part of an application, that portion comes 
from the cache, not the server. But if a user 
needs more of an application, say, Microsoft 
Word's Thesaurus, the SoftGrid client then 
automatically connects back to the server and 
downloads (and caches) just the bits it needs 
and makes the cached feature available for 
next time. 

SoftGrid's a great solution for desktops, 
but what about laptops? If a user on the road 
wants to access Word's Thesaurus feature, 
but has never used it before, that user could 
have a little problem. Well, a big problem. 
In fact, depending on the application, your 
user could receive a terse message to close 
the application in two minutes or it will shut 
down. Ouch! Harsh! I'll show you some ways 
to avoid this problem and help your users get 
the most out of SoftGrid while on the road. 

SoftGrid for Road Warriors 

You have three options for helping users 
take advantage of SoftGrid on the road. Two 
unfortunately ask the user to do something 
(or to use an inelegant script). But the third 
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is more robust and the one we'll explore fur¬ 
ther. As you'll see, it lets you pre-load specific 
applications by using the software deploy¬ 
ment infrastructure you already have, such 
as Group Policy, Microsoft System Center 
Configuration Manager (SCCM) 2007, or 
something else. 

Option 1: Let your users do it. You can 
ask your users to try to use all the function¬ 
ality in the office before they go, so they'll 
have what they need while on the road. This 
option fails the moment you get a phone call 
from the CIO asking why Microsoft Excel 
Pivot Tables won't run while she's using her 
laptop at 30,000 feet. Of course, if the CIO had 
used that particular feature while connected 
to the network, you wouldn't get the phone 
call, but obviously it's not ideal to rely on 
users in this way. 

Option 2: Force the entire application 
into the cache. The SoftGrid client has a 
command-line switch that can force all 
of a particular application (or all applica¬ 
tions a user has access to) into the cache 
before users take off for a trip. You could 
teach users to perform this step. Or, you 
could use a Group Policy script to force 
this to occur under certain creative condi¬ 
tions. (For instance, you could create and 
deploy a shutdown script that asks users 
which applications they want to take on 
the road with them; however, that's an 
exercise beyond the scope of this article.) 

When you prepare an application for 
SoftGrid distribution, you have to "sequence" 
it (make it a streamable application from the 
original application media). Part of sequenc¬ 
ing requires creating an Open Software 
Description (.osd) file. To tell the client to 
cache a specific application, you need to 
know the precise name of the .osd file that 
the client uses to pull information about the 
application from the server. The person who 
sequenced the application should be able 
to provide this for you (it's a property of the 
sequenced application). 

With the .osd file name in hand, you can 
ensure, for example, that 100 percent of your 
Adobe Reader sequence will be loaded on the 
client. Ask the user to execute the following on 
that client (or make a script to do it): 

sfttray.exe /load “Adobe Reader 7.0 
7.0.8.218” 


Or, alternatively, you can tell the SoftGrid cli¬ 
ent to force load all applications the user has 
access to by using this command: 

sfttray.exe /loadall 

However, note that the client cache size 
can’t be exceeded. The cache size is a hard¬ 
coded limit that administrators declare on 
the SoftGrid client at client setup time. The 
default size is 2GB and is changeable only 
during client installation. Also note that after 
the cache fills up, the application that's cur¬ 
rently streaming will stop streaming, then 
display a Launch Failed message. 

Options 1 and 2 have drawbacks: Users 
still need a connection to the server to "get 
more." And it's still a manual or scripted 
process to either load additional pieces of 
the application or cache the application in its 
entirety. 

It would be better if you could pre-load 
specific applications by using a technique 
you already use for other areas of software 
deployment. That would be Option 3. 

Option 3: Deploy sequences wrapped 
up as Windows Installer applications to 
SoftGrid clients in offline mode. I'm a 
Group Policy geek. So I was disappointed 
that there was no way to deliver SoftGrid 
sequences via Group Policy. Well, that's 
changed. You can configure the newest Soft- 
Grid client, SoftGrid Client 4.2.1, to work in 
a new mode called Offline mode. Then you 
can specially deploy sequences wrapped 
up as Windows Installer (.msi) applica¬ 
tions. Upon deployment of these .msi files 
to SoftGrid client computers, 100 percent 
of the application is forced into the cache. 
This gives you the best of both worlds: You 
can deploy sequences using tools you love 
(Group Policy, SCCM 2007, LANDesk, or 
anything else that slings .msi files) and force 
specific applications into the computer's 
cache. With this approach, you don't have 
to leave the onus on users to do anything to 
ensure their applications are fully cached. 

To Get Started 

The magic of Option 3 begins with two 
components. Here's what you need to get 
started: 

Component 1: The MSI Utility for Micro¬ 
soft SoftGrid Application Virtualization. 
The MSI Utility is a tool that wraps up the 


necessary SoftGrid application bits and puts 
them into an .msi file—all the bits, that is, 
except the .sft file. This file might be too big 
to fit inside an .msi file because it actually 
contains the application. We'll see how to 
perform this wrap-up of existing SoftGrid 
sequences in just a bit. Then, when you 
deploy the .msi application (using any tool 
you like), the installation doesn't actually 
install the application. Rather, the .msi instal¬ 
lation is simply directed to fetch the .sft (the 
actual application sequence) file and stick it 
all in the local SoftGrid cache. (See the side- 
bar "Using the Softgrid SMS Connector," page 
50, to see why you must use the MSI utility 
instead of the Softgrid SMS Connector.) 

Component 2: The updated SoftGrid 
Client (at least 4.2.1) running in Offline 
mode, fust because you wrap up SoftGrid 
sequences as .msi files, and deploy them 
using Group Policy (or another method) 
doesn't mean that regular SoftGrid clients 
will know what to do when they receive the 
.msi package. To be able to run the .msi files 
you've created with the MSI tool for SoftGrid, 
you'll need to upgrade (or freshly install) 
SoftGrid Client (at least 4.2.1) over your client 
population for those clients you want to work 
in Offline mode. 

SoftGrid Client (at least 4.2.1) is avail¬ 
able at support.microsoft.com/kb/9414Q8 . A 
quick note to save you heartache: Be particu¬ 
larly careful that you're downloading at least 
the 4.2.1 client (as of press time the latest is 
4.2.2.15) and not the 4.2.0 client, which is also 
confusingly located on the same Web page. I 
spent four or five hours pulling my hair out, 
only to find out I downloaded the wrong cli¬ 
ent. 

Also note that the SoftGrid 4.5 beta Client 
(not on the same Web page, thankfully) won't 
accept .msi packages created using the MSI 
Utility. You must use at least 4.2.1 to perform 
the magic. A warning, though: If you upgrade 
your older SoftGrid Client to the newer Soft- 
Grid Client (at least 4.2.1), the applications 
cache is flushed and all packages need to be 
redownloaded. 

Force the SoftGrid Client to Offline 
Mode 

For this article, we'll install SoftGrid Client 
4.2.1 into Offline mode manually. To do 
so, just run the setup using the msiexec /i 
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Figure 1: Installing the client in Offline mode 


command with the MSIDEPLOYMENT= 
TRUE flag, like this: 

msiexec /i softgrid-wd-setup.msi 
MSIDEPLOYMENT=TRUE 

Next, set up the SoftGrid client as you nor¬ 
mally would through the standard Wizard- 
based installation. However, when you get 
to the Desktop Configuration Server screen, 
which Figure 1 shows, enter nothing and 
click Next. That's because the client doesn't 
require a connection to any server. Remem¬ 
ber, it will be working offline. 

Because you used the special 
MSI-DEPLOYMENT=TRUE mode during 
installation, the client should put in some 
special registry entries that tell it to work in 
Offline mode. A quick test you can do after 
the client is finished installing is to open up 
the client's registry editor and dive down into 
HKEY_LOCAL_MACHINE\SOFTWARE\ 
Softricity\SoftGrid Client\CurrentVersion\ 
Network and look for a subkey called Online. 
If Online is present and set to 0, your installa¬ 
tion into Offline mode succeeded. 

However, note that one registry option 
isn't automatically set correctly and really 
needs to be changed. That subkey is 
HKEY_LOCAL_MACHINE\SOFTWARE\ 
Softricity\SoftGrid Client\CurrentVersion\ 
Network and the value is DOTimeoutMinutes. 
DOTimeoutMinutes should be a DWORD 
set to ffffff (that's six fs). This setting instructs 


clients to cache applications offline for 31.9 
years, as opposed to the default of 90 days. It 
would be pretty inconvenient if on the 91st 
day these applications suddenly stopped 
working. 

Convert the SoftGrid Sequence to 
an .MSI Package 

Again, the whole point of working in Offline 
mode is to be able to run a sequence entirely 
in cache, without any maintained connection 
to a server. To do this, you use the MSI Utility 
to convert your exist¬ 
ing packages and 
projects to an .msi 
package. You can 
find the MSI Utility at 
tinyurl.com/2zlpyq. 

After you run the 
MSI Utility, you sim¬ 
ply point it toward 
an existing .osd file 
(with the .sft file in 
the same directory). 

In Figure 2, you can 
see how I've pointed 
the MSI Utility toward 
my Adobe Acrobat 
Reader project file 
and how the output 
.msi file is created in 
the same directory. 

The whole wrapping 


process takes about two seconds for each 
application. 

Note that the large .sft file isn't included 
in the new .msi file. The .msi file is simply a 
new way to launch the installation. The .sft 
file still needs to stick around and be avail¬ 
able at install time. Again, we're not actually 
installing an application on the client; we're 
installing the .msi, which pushes Acrobat 
Reader into the local SoftGrid cache. 

Test the New .MSI File 

Now that you've got your new .msi file, you're 
ready to test. Figure 3, page 50, shows a Group 
Policy Object (GPO) that I used to deploy the 
newly wrapped sequence of Acrobat Reader 
(as an MSI) to computers. Note that the .msi 
and .sft files are in the same share (in my 
example, it's called sgContent), which you 
can also see in Figure 3. 

Remember that users need to be able 
to read the .msi file and the .sft file through 
the share. So, be sure that the permissions 
are set to Read for Authenticated Users on 
both the share and within the underlying 
NTFS permissions. That way, users and 
computers, which are both considered 
(strangely enough) Authenticated Users, 
can access the files. Without Read permis¬ 
sions to Authenticated Users your deploy¬ 
ment will fail. 

When a SoftGrid client that's set up for 
Offline mode reboots, Group Policy looks to 
see whether any .msi applications are ready 



Figure 2: Creating an .msi from an existing SoftGrid project file 
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Figure 3: Using GPSI to deploy the newly wrapped sequence of Adobe Reader 


to install. If they are, at this point 100 percent 
of the .msi application is placed into cache. 
Now, whenever a user logon occurs and a 
user tries to run the SoftGrid application, the 
application is simply pulled from the local 
cache and not from the server. 

Mitigate the Downside of Offline 
Mode 

Yes, there are several disadvantages to using 
the SoftGrid client in Offline mode. Here's 
a breakdown of the top issues and how to 
mitigate them. 

Once in Offline, always in Offline. 
The SoftGrid Client can't switch on the fly 
between Offline mode and original stream¬ 
ing (Online) mode. So, you have to specifi¬ 
cally dictate which SoftGrid clients will work 
in Offline mode and which SoftGrid clients 
will work in Online mode. 

To mitigate this issue, have a plan about 
specifically which client computers should 
get the Offline client and document them. 
Troubleshooting SoftGrid Online clients is 
going to be different than troubleshoot¬ 
ing SoftGrid Offline clients. In short, you'll 
likely want to stay with the Online mode for 
desktops and switch to the Offline mode for 
laptops. 

All Online clients suffer for the good of 
the Offline clients. If the .msi package gets 
targeted for regular SoftGrid clients (those 
not set to Offline mode), you might still see 
the .msi try to install each and every time 
regular online SoftGrid clients reboot. That's 
because the .msi package tries to process but 
can't successfully install to an online client, 
so it just times out. This timing out adds to 
the computer startup time for regular online 


clients. To counteract this, be sure to target 
your .msi packages only for Offline SoftGrid 
clients. 

Offline clients are exempt from some 
key SoftGrid features. Any clients that use 
Offline mode are automatically exempt from 
SoftGrid's nifty auditing feature and software 
metering. This is because the whole sequence 
is running locally, not off the SoftGrid server, 
so there's no checking-in process and no way 
to audit or meter for license overuse. No solu¬ 
tion exists currently to mitigate this problem. 
If you need to ensure an audit trail each time 


a SoftGrid application is run, you must use 
Online mode. 

Take Clients Off the Network 

The MSI Utility and the new SoftGrid Client 
4.2.1 can help you take your clients off the 
network and let them work with applica¬ 
tions anywhere. And you can use the tools 
you already know and love to deploy your 
SoftGrid sequences (now wrapped as .msi 
files). Many more options exist for using 
the SoftGrid Offline client. For instance, you 
might also want to mass-upgrade and con¬ 
figure existing older SoftGrid clients that are 
currently in Online mode to SoftGrid 4.2.1 
while converting them to Offline mode. You 
can do this by using Group Policy or your 
own scripting method. ^ 

InstantDoc ID 99397 


Jeremy 

Moskowitz 

(jeremym@moskowitz-inc.com) , 
a Group Policy MVP, has trained 
thousands of administrators 
to get smarter in Group Policy. 
Learn more about his training 
and books, including Creating 
the Secure Managed Desktop 
(Sybex), a t www.GPanswers.com. 


Using the SoftGrid SMS 
Connector to Deliver a 
SoftGrid Application 

called the SoftGrid SMS Connector. It's a neat 
piece of technology that enables Microsoft Systems Management Server (SMS) administra¬ 
tors to deploy SoftGrid applications by using the same SMS process they always did. However, 
what's not generally known is that the SMS Connector has been deprecated (that is, put out 
to pasture). 

The problem with the SMS Connector wasn't the technology itself; rather, the technology 
was too specific to a Microsoft solution. In other words, Microsoft wanted a more generalized 
way to deploy SoftGrid applications to users and that way should be through MSI. 

Many technologies are capable of deploying MSI applications. This includes Microsoft 
System Center Configuration Manager (SCCM) 2007 (the new version of SMS), Group Policy, 
and third-party application deployment solutions such as those from LANDesk and Altiris. 

The official deprecation has occurred with the birth of the new MSI Utility used in the 
solution I describe in the main article. So, if you're already using the SMS Connector with 
SoftGrid, get started using the new SoftGrid MSI wrap-up tool. 

InstantDoc ID 99399 
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PROBLEM: 

Applications are loading 
slowly or overall system 
performance and 
responsiveness are suffering. 

SOLUTION: 

Find, then fix the problematic 
kernel-mode device driver. 

WHATYOU NEED: 

Windows Task Manager, 
Performance Monitor or 
Process Explorer, and the 
Kernel Profiling Tool 

SOLUTION STEPS: 

1. Recognize the problem with 
knowledge and Windows Task 
Manager. 

2. Diagnose the problem by 
using Performance Monitor 
or Process Explorer, and the 
Kernel Profiling Tool. 

3. Solve the problem by 
reinstalling, updating, or 
disabling the problematic 
driver. 

DIFFICULTY: 

•#©oo 



Troubleshooting 

Device Drivers 


bySteven How to recognize, diagnose, 
Daugherty and solve DPC problems 



I 'm waiting for an application to 
start...again. As I stare at the hour¬ 
glass on my Windows XP desktop, I 
wonder what is slowing things down 
this time. I press Ctrl+Shift+Esc to 
bring up Windows Task Manager 
and click the Processes tab. I'm ready to kill 
the offending process, but I find nothing but 
the usual System Idle Process at the top of 
the list. 

Over time, Windows system performance 
tends to degrade. Many performance prob¬ 
lems can be resolved by eliminating unnec¬ 
essary programs from startup, defragmenting 
the hard disk, and cleaning the 
registry. In my case, however, 
none of these actions worked. 
I don't usually get into desktop 
support issues but since it was 
my desktop, I was determined to 
find and resolve the problem. 

When I searched the 
Internet, I found many peo¬ 
ple complaining about the 
same symptoms in blogs and 
forums, but they didn't provide 
any solutions. I got a few clues 
when some people mentioned 
that the problem went away 
after they upgraded a driver or 

We're in IT with You 


replaced a disk controller. At this point, I 
concluded that the performance problem 
was probably related to a driver, but I didn't 
know for sure. So, I dug deeper. After wading 
through some device-driver development 
articles, I found a gem. The Microsoft TechNet 
article 'Advanced DPCs" (www.microsoft 
.com/technet/sysinternals/information/ 
advanceddpcs.mspx) discusses howto diag¬ 
nose driver performance problems by exam¬ 
ining deferred procedure call (DPC) queue 
activity. 

DPCs wreaking havoc on Windows sys¬ 
tem performance is a common problem 
in not only workstations but also servers. 
Knowing how to recognize, diagnose, and 
solve a DPC problem can save you hours of 
troubleshooting and possibly save you from 
having to reinstall or reconfigure the prob¬ 
lematic workstation's or server's OS. 


O 


How to Recognize the 
Problem 

To recognize the problem, you need 
to know about DPCs and how to 
perform an initial check in Windows Task 
Manager when you're experiencing a per¬ 
formance problem. DPCs are a part of the 
Windows interrupt handling architecture. 
Interrupt handling consists of two 
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components, both of which are part of a 
device driver. The first component is the 
Interrupt Service Routine (ISR), which 
quickly allows the hardware to get the device 
to stop interrupting. The driver actually han¬ 
dles the processing around the interrupt later 
by queuing a worker thread from the created 
DPC queue object. In short, this means that 
a driver does its initial work with a hardware 
device in a DPC. Because both the ISR and 
DPCs are vendor-provided within the driver 
for a device, a poorly written kernel-mode 
driver can have a significant impact on over¬ 
all system performance. 

When you're experiencing a perfor¬ 
mance problem, you can use Windows 
Task Manager to see whether it might 
be due to DPCs. When a performance 
problem might be related to DPCs, you'll 
see that the CPU usage is high on the Per¬ 
formance tab, but no processes are taking 
the blame on the Processes tab. You'll 
also see that System Idle Process is 
showing the highest CPU usage on 
the Processes tab, which is typical 
for an idle system. 

The System Idle Process typically doesn't 
significantly affect system performance. 
However, when DPC problems exist, the 
kernel will be using a large percentage of 


E Windows Task Manager 


the CPU, which can 
impact system per¬ 
formance. You can 
find out the kernel's 
CPU usage by select¬ 
ing the Performance 
tab and choosing the 
Show Kernel Times 
option on the View 
menu. The bottom 
red portion of the 
CPU Usage graph 
shows the CPU time 
being used by the 
Windows kernel. The 
sample CPU Usage 
graph in Figure 1 
reveals that some¬ 
thing loaded by the 
kernel is monopoliz¬ 
ing the CPU. 
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Figure 2: Using Process Explorer to determine how much time the 
processor is spending on DPCs 
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How to 
Diagnose 
the 

Problem 

A kernel can monop¬ 
olize the CPU for sev¬ 
eral reasons, so the next step is to diagnose 
the problem to determine whether DPCs 



Figure 3: Using Performance Monitor to determine how much time 
the processor is spending on DPCs 
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Figure 1: Using Windows Task Manager to determine how much 
CPU time is being used by the Windows kernel 


are in fact causing the high CPU usage and 
if so, which device is using those DPCs. You 
can use three tools to drill down and get the 
details needed for diagnosis: 

• Performance Monitor (perfmon.exe). 

This is a built-in Windows tool. 

• Process Explorer (procexp.exe). You can 
download this free utility from Microsoft 
at www.microsoft.com/technet/ 
sysintemals/ProcessesAndThreads/ 
ProcessExplorer.mspx. 

• Kernel Profiling Tool (kemrate.exe). This 
tool is part of the Microsoft Windows 
Server 2003 Resource Kit , which you can 
download atwww.microsoft.com/ 
downloads/details.spx?FamilyID= 
9d467a69-57ff-4ae7-96ee-bl8c4790 
cffd&displaylang=en. 

To determine whether DPCs are causing 
high CPU usage, you can use Performance 
Monitor or Process Explorer. I find Process 
Explorer easier to use than Performance 
Monitor for this purpose, but I'll cover 
both in case you prefer to use Performance 
Monitor. 
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C:\>kGfwatG 

^ernrate User-Sped Hed Copmand Lira; 
kernrate 


Kernel Prof il * 1 [ P'J fi - Dj . Sou r c* - T i me , 
using Ki'iTvvm' 1 Default Rate of 2 5 non avtin'ts/lilt 
Starting to collect profile data 

,ll > press Ctrl c to finish cal Tecting profile data 


Figure 4: Initial sample output from the Kernel Profiling Tool 


In Process Explorer, you can quickly and 
easily see whether DPCs are causing high 
CPU usage. In the main window, the System 
Idle Process is broken into three groups: 
Interrupts, DPCs, and System, fust double¬ 
click DPCs to bring up the DPCs properties 
page and select the Performance Graph tab. 
The top two graphs show the DPCs' CPU cur¬ 
rent usage and CPU usage history, as Figure 
2, page_53, shows. 

Under the Processor ob-ject, Perfor¬ 
mance Monitor includes a counter named % 
DPC Time, which tells you the percentage of 
time a processor is spending on receiving and 
servicing DPCs. Comparing this percentage 
to the % Processor Time value reveals what 
portion of total CPU usage is consumed 
by a thread in the DPC queue, as Figure 3, 
page_53, shows. For information about how 
to use Performance Monitor, see “Perfor¬ 


mance Management in 
Windows” (March 2003, 
InstantDoc ID 37933) . 

After Process Explorer 
or Performance Moni¬ 
tor has confirmed that 
the CPU is being dispro¬ 
portionately consumed 
by activity in the DPC 
queue, you can use 
the Kernel Profiling Tool to determine 
which driver is causing the problem. This 
command-line tool lists kernel modules, 
including kernel-mode device drivers and 
the percentage of kernel time that they're 
consuming. 

The Kernel Profiling Tool has many argu¬ 
ments you can use, but for our purposes, you 
can run it without any arguments, with the 
command 

kernrate 

After running this command, you first 
receive output like that in Figure 4. Wait for 
about 30 seconds or so, then press Ctrl+C. 
While the Kernel Profiling Tool runs, keep 
an eye on DPC activity in Process Explorer 
or Performance Monitor to ensure the CPU 
usage remains consistently high during the 
sample. 


learning Path 

For background information on DPC 
and ISR: 

"Advanced DPCs" 

www.microsoft.com/technet/sysinternals/ 
information/advanceddpcs.mspx 
"Inside NT's Interrupt Handling,"InstantDoc ID 298 
"Inside Win2K Reliability Enhancements, Part 3," 
InstantDoc ID 7206 

For information on how to disable 
device drivers: 

"How to Disable a Service or Device That Prevents 
Windows from Starting" 
support.microsoft.com/kb/310602 
"How to Troubleshoot Hardware Problems with Device 
Manager" 

www.microsoft.com/windowsxp/using/setup/ 

learnmore/devicemgr.mspx 


Figure 5 shows an excerpt from the sec¬ 
ond part of the sample output. As you can 
see in the “Results for Kernel Mode” section, 
the problematic driver is intelppm, the Intel 
processor driver that's part of the OS load. 
This driver throtdes the CPU in order to 
conserve power consumption to extend bat¬ 
tery life. The Intel processor driver probably 
wasn't the cause of the problem; instead, the 
problem was likely due an interoperability 


issue with this driver and other hardware or 
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drivers installed on my system. Regardless, 
it's not required on a nonportable computer 
where battery life is of no concern. 


) How to Solve the Problem 

The options for solving a DPC prob¬ 
lem are to reinstall, update, or disable 
the driver that's causing the problem. 
Which option you choose depends on the 
driver. For example, you can't disable a driver 
that your system needs or update a driver 
when no updates exist. In my case, because 
the Intel processor driver isn't a required 
driver for my system, I decided to disable it. 

There are several ways you can dis¬ 
able drivers, including through the registry, 
Device Manager, and Recovery Console 
(RC). I opted to disable the Intel processor 
driver through the registry. If you're inter¬ 
ested in using RC or Device Manager to 
disable a driver, see the articles referenced 
in the “Learning Path." 

The registry data for the Intel processor 


Figure 5: Identifying the problematic driver 


driver is in the HKEY_LOCAL_MACHINE\ 
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DEVICE DRIVERS 


Table 1: Possible Start Values 

Start Value I Description 


0 (0x0) Drivers required to read the boot volume are loaded by the kernel (Boot Loader). 

1 (0x1) Drivers are loaded at kernel initialization by the I/O subsytem. 

2 (0x2) Services are automatically started and drivers are automatically loaded at system 

startup by the Service Control Manager. 

3 (0x3) Services and drivers are available. The Service Control Manager starts the service or 

loads the driver only when initiated by user. 

4 (0x4) Services and drivers are disabled and can't be started or loaded. 


SYSTEM \CurrentControl 
Set\Services\intelppm sub¬ 
key. To disable this driver, I 
changed the Start entry from 
a value of 1 to a value of 4. 

Table 1 shows the Start val¬ 
ues you can use for subkeys 
under the HKEY_LO CAL_ 
MACHINE\SYSTEM\ 
CurrentControlSet\ 

Services key. For more infor¬ 
mation about how to read and change 
entries in these subkeys, see the Microsoft 
article “CurrentControlSet\Services Subkey 
Entries" (support.microsoft.com/kb/ 
103000). 

As Microsoft continually reminds us, 
it's important that you understand how 
to restore the registry before you edit it. 
It's also important to reboot before and 
after editing the registry. Rebooting before 
a change is important to ensure a clean 
Last Known Good Configuration in case 
you need to restore the registry. (The 


Last Known Good Configuration includes 
everything under CurrentControlSet key 
and is updated after a successful logon.) 
Rebooting after a change is necessary for 
the change to take effect. 

3 Simple Steps Is All It Takes 

If your applications are loading slowly or 
don't load at all, the culprit might be a device 
driver and the DPCs it makes. By using tools 
such as Windows Task Manager, Perfor¬ 
mance Monitor, Process Explorer, the Kernel 
Profiling Tool, and the registry, you can 


quickly recognize, diagnose, and solve driver 
performance problems. ^ 
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Use Cmd.exe's Start Command to 

Simplify Setup 
Automation 



Author's note: This article presents one techniquefor partial installation 
automation. However, I have since crafted another, simpler method for 
installation automationfrom a batchfile. You can read the companion 
article at InstantDoc ID 99675. 


M any organizations are too small to cost-effectively 
deploy software by using tools such as Microsoft 
Systems Management Server (SMS). The person 
responsible for software installation—typically 
an external IT consultant or an employee with 
part-time support duties—falls back on manually 
installing each application on system rebuilds or new installations, 
which can be a slow and potentially error-prone process. However, by 
using a simple batch file and cmd.exe's Start command, it's possible 
to speed up the deployment process and reduce the risk of accidental 
omissions. Let's look at when and why you'd want to use this method, 
then walk through how to deal with some of the problems you might 
encounter. 

Why Start? 

Cmd.exe's Start command is a simple tool with features that make it 
ideal for basic setup automation. In general, any command you can 
run on a Windows system can be run from a batch file. You can add 
command-line options as necessary, and the batch file can wait for 
each command to finish before running the next command. 


Achieve small-scale software 
deployment without errors or 
omissions 

by Alex K. Angelopoulos 


Why use Start? It's easy to forget specific applications that you 
need to install for a system. For example, you might forget to install a 
small application even though it's important to a client. At small sites 
that you rarely visit, you might get distracted by troubleshooting tasks 
in the middle of configuring a system and forget where you are in a 
chain of application installations. By wrapping all of the setup launch¬ 
ers into a batch file, there's no danger of forgetting an application. If 
you don't need to install a particular application in the set, you can 
always cancel its installation and go on to the next one. 

It's also easy to lose specific application sources that are on a net¬ 
work. Again, a batch file will have all of these locations in it, eliminat¬ 
ing the headache of searching for those items. 

Finally, even when you do know where everything is, you can 
waste a significant amount of time navigating to files and waiting for 
applications to start up and shut down. The Start command will shave 
off some of this start-up time. And when applications have installers 
that support command-line automation, installation can even pro¬ 
ceed while you're doing other work elsewhere. Let's look at the proper 
way to run setups now. 

Use the Wait Option 

By default, the Start command always spawns an application in a new 
process and continues on its way. Obviously, it's not a good idea to 
start up 17 different installers simultaneously; the resource demand 
would overload almost any PC. In any case, well-behaved Windows 
Installer (.msi)-based installation programs will refuse to run if 
another .msi-based installation is already running, making it easier 
for Windows to untangle applications. To handle this situation, simply 
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■ START COMMAND 


include the /wait option with the Start com¬ 
mand. You can abbreviate the /wait option 
to /w. To run the installer located at z:\dsp\ 
xp\WindowsXP-KB926139-x86-ENU.exe, you 
would start it like this: 

start /w z:\dsp\xp\WindowsXP-KB926139 
-x86-ENU.exe 

The batch file waits until WindowsXP- 
KB926139-x86-ENU.exe terminates and 
only then goes to the next command. Occa¬ 
sionally some applications—usually very 
old ones—run a chain of their own applica¬ 
tion installations and exit before processes 
they've launched actually terminate. You're 
unlikely to run into these older applications 
very often, but if you do, you can still use the 
batch file after adopting one of two strate¬ 
gies. Either place a single such application at 
the very end of the batch file, where it won't 
matter that the /wait does you no good, or 
insert a Pause command in the batch file 
immediately after the line on which you run 
the installer: 

start z:\dsp\legacy\oldapp.exe 
echo wait for OldApp to finish 
installing && pause 

Although it theoretically doesn't help 
in this situation to use the /w option, it's a 
good habit to use in creating scripts for setup 
chaining. 

Set the Working Directory 

On some occasions, you might need to con¬ 
trol the working directory of the launched 
application. For example, some installers 
might use user-specific license files or need 
a local directory for extraction and not auto¬ 
matically get the user's temp folder. You can 
force the working directory by using the /d 
option. If the application needs files from the 
OldAppData folder in the user's profile, you 
can run it like this: 

start /w /d %userprofile%\01dAppData 
z:\dsp\legacy\oldapp.exe 

Handling Paths with Spaces 

The single most significant problem people 
encounter when using the Start command is 
its behavior with file paths containing spaces. 
If you check the command-line options for 
the Start command, you'll see why. Omit¬ 
ting some of the options for brevity, the Help 
display looks like this: 


START ["title"] ... [command/program] 

When the Start command sees a quoted 
string in its command line, Start assumes that 
you want to create a new window with the 
quoted string as the title. This means that if 
you try to run the installer z:\dsp\misc\Acme 
Shipping.msi by using the command 

start /w "z:\dsp\misc\Acme Shipping.exe" 

you won't see the Acme Shipping.exe installer 
start. Instead, an empty command-prompt 
window will pop up with the title z:\dsp\ 
misc\Acme Shipping.exe. 

You could use the /d option if the direc¬ 
tory path had spaces in it, but here our prob¬ 
lem is the executable itself. Start offers no way 
to specify that the quoted string is really the 
path. 

There are two solutions to this problem. 
One is to provide a quoted string first. For GUI 
installers, the title won't matter, but you must 
provide a quoted title string initially so that 
Windows will interpret the quoted command 
path correctly. We can modify the nonfunc¬ 
tional batch file line by adding a quoted string 
to make it work: 

start "" /w "z:\dsp\misc\Acme 
Shipping.exe" 

Another alternative is to rename the setup 
file. This is useful anyway for rarefy visited 
networks, because you can add versioning 
information to the title while you're at it, 
as well as a string to identify the execut¬ 
able as a setup file. If you pick a name such 
as AcmeShippingSetupv5.1.exe, you get an 
additional bonus: Windows Server 2008 and 
Windows Vista will automatically prompt for 
privilege elevation when invoking an appli¬ 
cation that has the word "setup," "install," 
or "update" in its name, ensuring that the 
application installs properly. As a result, if you 
later do click-and-run installations you'll get 
helpful prompting. 

Add Command-Line Options 

When you use Start to run an application, 
Start passes everything that follows the appli¬ 
cation name to the application as arguments, 
so adding command-line options is straight¬ 
forward. Suppose you're installing Windows 
Defender from the file WindowsDefender. 
msi. Windows Installer packages universally 
support certain command-line options. For 
example, /log followed by a colon and the 


name of a log file records installation details 
to the named log. So, if you wanted to log 
details to c:\install.log and weren't using the 
Start command, you could do so by executing 
the command 

z:\dsp\core\WindowsDefender.msi 
/log:c:\instal1.log 

You use precisely the same command if 
you're executing it with the Start command. 
If you want to start the installation and wait, 
you just use this: 

start /w z:\dsp\core\Windows 

Defender.msi /log:c:\install.log 

The only special case is if an argument 
needs quotes. You can use the same tech¬ 
nique I demonstrated in the section about 
handling paths with spaces and include 
an initial empty quoted string. Therefore, 
if you were logging installation data to C:\ 
Install Records.log, you would use a Start 
command such as 

start "" /w z:\dsp\core\ 

WindowsDefender.msi /log:"C:\Install 
Records.log" 

Simple Automation in Minutes 

What makes Start commands especially 
nice is that when you're ready to perform a 
sequence of installations, you simply put all 
the Start commands into a text file—each 
command on its own line in the order you 
want to run it, then save the file with a .bat 
or .cmd extension. You can save the batch 
file to a network folder located above all the 
installation media you use, to make it easy to 
locate each time you need to add or remove 
a standard installation item. 

Given a large infrastructure and budget, 
a tool such as SMS is still a winner, not least 
because it does other things in addition to 
automating software setup. But when you 
don't have that tool, using a batch file with 
the Start command returns a lot of value for 
the investment of only a little time. ^ 
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M icrosoft Exchange Server 2007 is geared toward 
deployment in multiserver environments. By 
default, it's designed to work with at least two 
physical servers: one for the Edge Transport 
server role, the other for the remaining roles 
(Hub Transport, Mailbox, Client Access, and 
Unified Messaging). Although Microsoft highly recommends using 
Exchange 2007 with at least two physical servers, in certain scenarios 
you'd want to install and run Exchange 2007 on one machine. For 
example, a small business might not be able to afford dedicating 
more than one server to running Exchange. 

The good news is, Exchange 2007 can work in a single-server 
deployment scenario, but to make this happen, you need to perform 
several configuration steps. To deploy Exchange 2007 in a single¬ 
server environment, you must install three crucial server roles (Hub 
Transport, Client Access, and Mailbox) on one machine, without 
installing the Edge Transport role at all. Instead, you need to config¬ 
ure the Hub Transport role to perform the job for both Hub and Edge 
roles. (Of course, you'll also need to set up Active Directory—AD, the 
Global Catalog, and DNS—preferably on a different physical server 
than the Exchange server.) You'll also need to be aware of several 
downsides of single-server deployment. First, in this setup, all 
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■DEPLOY EXCHANGE 2007 ON ONE SERVER 


"In a single-server scenario, I highly 
recommend you use a firewall capable 
of application-layer filtering" 


Exchange 2007 roles on the server are avail¬ 
able from—and exposed to—the Internet, 
which poses a security risk. (A firewall can 
mitigate this risk.) Second, having all roles 
on one Exchange 2007 server makes your 
server the single point of failure. Finally, 
because you'll need to implement anti¬ 
spam and antivirus protection on the Hub 
Transport role, you should expect more load 
on the server's resources. Assuming you've 
addressed these issues, your next step is to 
learn more about the roles you'll need to 
configure for single-server Exchange 2007, 
then walk through the procedure for setting 
up those roles. 

Role Differences in a Single-Server 
Environment 

When you configure Exchange 2007 on your 
server, your first task will be to configure the 
Edge Transport and Hub Transport roles 
to handle only intra-organizational mes¬ 
sage traffic. By default, the Hub Transport 
server role cannot deliver messages to users 
outside an Exchange organization, nor 
can it receive messages from outside the 
organization. Normally, a Hub Transport 


server can communicate with other Hub 
Transport servers in the same organiza¬ 
tion as well as with Mailbox servers and 
with the Edge Transport server. (For more 
information about communication among 
the server roles and how messages flow 
between servers, see the sidebar "How Mes¬ 
sages Move in a Multiserver Exchange 2007 
Environment.") 

To enable Exchange 2007 to run in a 
single-server environment, then, you'll need 
to enable the Hub Transport server role to 
essentially function as an Edge Transport 
server since no Edge Transport server role is 
installed. You'll need to install the three essen¬ 
tial server roles—Mailbox, Client Access, and 
Hub Transport—on the same machine. In 
very small organizations, this server will prob¬ 
ably be a domain controller (DC) also. Since 


the Hub Transport role by default isn't con¬ 
figured to work without the Edge Transport, 
you'll need to perform these tasks to enable 
Hub Transport to do the work of an Edge 
Transport server as well as perform its own 
Hub Transport functions: 

• Enable the Hub Transport role to send 
messages directly to the Internet. 

• Enable the Hub Transport role to receive 
messages from the Internet. 

• Install and enable antispam functional¬ 
ity on the Hub Transport role. 

In contrast to the special configuration 
you'll need to do for the Hub Transport 
role, configuration of the Mailbox and Cli¬ 
ent Access server roles is almost the same 
as in a multiserver Exchange environment 
that includes an Edge Transport server. 
However, in a single-server Exchange 2007 
environment, the Mailbox role is far more 
exposed to potential Internet attacks than 
in an environment with an Edge Transport 
server, where the Mailbox and Hub Trans¬ 
port servers aren't directly connected to 
the Internet. In a single-server scenario, 
since the Mailbox server is located with the 
Hub Transport server (which is configured 
to work on the Internet) and Client Access 
server (which hosts Exchange Web services 
also available from the Internet), there are 
many more open ports to outside connec¬ 
tions. Thus, I highly recommend you use a 
firewall capable of application-layer filtering. 
Microsoft ISA Server 2006 is the best choice 
in this case since it supports Exchange 
2007 secure-server publishing. (You can 
learn more about securing Exchange 
2007 with ISA Server in the Web-exclusive 
article "Securing Exchange Server 2007 
Services with ISA Server 2006," October 
2007, InstantDoc ID 96957. ) I also strongly 
recommend running Security Configuration 
Wizard (SCW) after you install Exchange 
2007, to harden your Exchange server's 
security. Remember to import the Exchange 
2007 template to SCW before running the 
wizard. Now that you have a handle on 


How Messages Move in 
a Multiserver Exchange 
2007 Environment 

In a typical Exchange Server 2007 scenario, you'll have at least two 

physical servers, one of which is dedicated to the Edge Transport role. Here's how a message 
moves between the server roles in this scenario. When the Mailbox server notifies the Hub 
Transport server that the Mailbox server has a message for delivery, after the Hub Transport 
server processes the message, it decides whether that message should be transferred to 
another (or same) Mailbox server in a site, transferred to a Hub Transport server in another 
site, or forwarded to the Edge Transport server. All messages directed to Internet users (or 
users outside your Exchange organization) are forwarded to the Edge Transport server. This 
server uses public DNS servers to locate the destination mail server, then transfers the mes¬ 
sage by using SMTP or simply forwards the message to a smart host. Optionally, the Edge 
Transport server also applies transport rules on message or address rewriting, if these options 
are configured. 

On the other side, when an inbound message from the Internet reaches the Edge Trans¬ 
port server (this server is reachable via MX records in your domain's public DNS zone), anti¬ 
spam and antivirus agents process the message, the Edge Transport server applies transport 
rules (if there are any) to the message, and finally the Edge Transport server transfers the 
message to the Hub Transport server. The Hub Transport server searches the Global Catalog 
to locate the recipient's Mailbox server, then transfers the message to the user's mailbox. 
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send to internet Properties 


2<J 


General | Address Space Network | Source Server | 


Select how to send mail with this connector: 

iUse domain name system (DNS) "MX" records to route mail automatically i 
r~ Enable Domain Security (Mutual Auth TLS) 

C Route mail through the following smart hosts: 

cfb Add Edit 


Smart host 


Smart host authentication: 

None 

P Use the External DNS Lookup settings on the transport server 


Change... 


OK 


Cancel 


Apply 


Help 


Figure 1: Specifying a name-resolution method for a newly created SMTP 
Send connector 


click New Send 
Connector. 

On the first 
screen, enter the 
SMTP connector 
name (e.g., send to 
internet) and in the 
Select the intended 
use for this connec¬ 
tor drop-down list, 
select Internet. Click 
Next, and on the 
Address Space page, 
click Add. In the 
Domain field, enter 
an asterisk (*). By 
entering this, you're 
essentially creating 
a connector that 


the server-role differences, you're ready 
to start the actual configuration. This arti¬ 
cle assumes that you've already installed 
Exchange 2007 on the server. 

Configure Hub Transport to Send 
Email to the Internet 

To enable the Hub Transport server role to 
send messages to the Internet, you'll need 
to configure the name-resolution service 
and the SMTP Send connector. The Hub 
Transport server role must be able to resolve 
Internet DNS names based on the recipi¬ 
ent's email address and locate the correct 
destination SMTP server for message deliv¬ 
ery. To enable Internet message delivery, 
you'll have to create the Internet SMTP 
connector on the Hub Transport server. The 
Send connector represents a logical gateway 
through which outbound messages are 
sent. It controls outbound connections from 
the internal sending server to the external 
receiving server or destination email system. 
By default, no explicit Send connectors are 
created when the Hub Transport server role 
is installed. 

To create the SMTP connector, open 
Exchange Management Console (EMC), 
navigate to Organization Configuration, and 
open Hub Transport. Then click the Send 
Connectors tab, and in the Actions pane, 


Listing 1: Creating an SMTP Send Connector 


new-SendConnector -Name 'Send to Internet' -Usage 'Internet' 
-AddressSpaces 'smtp:*;l' -DNSRoutingEnabled $true 
-UseExternalDNSServersEnabled $false -SourceTransportServers 


send to internet Properties 


General | Address Space ) Network] Source Server | 
jsend to internet 


Connector status: 
Modified: 


will send a message to any domain on the 
Internet. If you want to create a connector 
for a specific domain, instead of entering *, 
enter a domain name and the options for 
that domain. 

Click Next, and on the Network tabbed 
page select an option for name resolution, 
as Figure 1 shows. 

The default option 
is to use DNS MX 
records to route 
email. This means 
that your Exchange 
server will use the 
destination domain 
name to query 
your locally config¬ 
ured DNS for the 
IP address of the 
destination mail 
server. After that, 

Exchange will look 
for the MX record 
in the destination 
zone to locate the 
mail server. At 

this point, you can also enable mutual 
authentication by Transport Layer Secu¬ 
rity (i.e., by selecting the Enable Domain 
Security... option) if you want to enable 
mail servers to authenticate to each other 


before starting communications. However, 
this option might not work with all Internet 
mail servers that your Exchange server com¬ 
municates with, since not all mail servers 
support this feature. 

The second option for name resolu¬ 
tion is to route mail through a smart host 
server. This means that your Hub Transport 
server simply forwards every message to the 
specified smart host server (e.g., your ISP's 
mail server), which will handle the entire 
message-delivery process. This is a suit¬ 
able option when you don't want to handle 
name resolution for messages locally (e.g., 
you don't want to allow local DNS servers 
to access the Internet) and have an external 
mail server available to serve as your smart 
host. On this page you can also select the 
Use the External DNS Lookup settings on 
the transport server option, which lets you 
use a separate DNS server (or servers), only 
for sending messages. (To configure these 
DNS servers' addresses, you'll need to use 
the Set-TransportServer cmdlet.) Click next 
in EMC, add the source server (since we 
have only one server, this server is selected 


*J 


Enabled 

Wednesday, February 06, 2008 11:02:28 PM 


Protocol logging level: |"Ng 

Specify the FQDN this connector will provide in response to HELQ ^^^^^ 
J exchange, adatum. com 

(E xample: mail, contoso. com) 


OK 


Cancel 


Apply 


Help 


Figure 2: Setting the protocol-logging level and FQDN 


ServerName' 


by default), click Next again, and click New 
to create the new SMTP Send connector. 
If you'd rather use Exchange Management 
Shell (EMS) instead of EMC to configure 
the SMTP Send connector, you can do so by 
using the cmdlet in Listing 1. (The cmdlet 
wraps to multiple lines in print; you'd type 
it on one line in EMS.) 

After you've created the connector, right- 
click it and select Properties. You need to set 
a few more options before you can use the 
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.INFRASTRUCTURE LOG 

_DAY 51: We can’t work the way we want! We’re not 
collecting or sharing knowledge! How can we unlock our 
talents when we’re cut off from each other like this? 

.Everyone feels like they’re working in a bubble. 

.DAY 52: The answer: the new generation of collaboration 
tools from IBM. Lotus helps us organize, share knowledge 
and communicate around our work to transform our ideas. 
Its flexible, security-rich portfolio integrates with what 
we have now and will have in the future. And IBM services 
can build a collaboration solution that’s right for us. 

.The bubbles are gone. They were very satisfying pops. 


Lotus. 


Watch the Lotus Collaboration demo at: 

IBM.COM/TAKEBACKCONTROL/LOTUS 


IBM, the IBM logo, ibm.com, Lotus and Take Back Control are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, 
or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common 
law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM 
trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. ©2008 IBM Corporation. All rights reserved. 
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Figure 3: Configuring antispam options on the Hub Transport server 


new connector. First, set the Fully Qualified 
Domain Name (FQDN) for the new con¬ 
nector and the protocol-logging level (None 
or Verbose), as Figure 2, page 62 shows. The 
FQDN is actually the name that your server 
will use to present itself to other SMTP serv¬ 
ers on the Internet; usually this is your mail 
server's public FQDN. Next, open the Net¬ 
work tab. On the Network page, you can select 
the way your server authenticates to the smart 


host, if you configured one. If not, you're done 
here. 

Now your Hub Transport server can 
send messages both internally and to the 
Internet. At this point, you can try to send a 
message to someone outside your organiza¬ 
tion. You should be able to do so; however, 
you can't receive messages yet. So, your next 
step is to configure the Hub Transport server 
so that it can receive Internet email. 


Configure Hub 
Transport to 
Receive Internet 
Email 

To enable the Hub 
Transport server 
to receive mes¬ 
sages from external 
sources, your first 
task is to configure 
an accepted domain 
for your Exchange 
organization. An 
accepted domain is 
any SMTP domain 
for which your 
Exchange server 
sends or receives 
email. Accepted 
domains include 
those domains for 
which the Exchange organization is authori¬ 
tative (i.e., the server handles mail delivery 
for recipients in that domain) as well as 
domains for which the Exchange organi¬ 
zation receives mail, then relays it to the 
external mail server. You must configure 
at least one accepted domain before you 
can use that SMTP namespace in an email 
address policy. 

To configure the accepted domain, open 
EMC, navigate to Organization Configura¬ 
tion, open the Hub Transport node, and go 
to the Accepted Domains tab. Click New 
Accepted Domain in the Actions pane to 
start the wizard. On the first page, enter 
the domain's name (this will probably be 
the name of your domain) and FQDN of 
the accepted domain. When you enter the 
accepted domain, you can use a wildcard 
character in the address space, to indicate 
that all subdomains of the SMTP address 
space are also accepted by the Exchange 
organization (e.g., *.microsoft.com will also 
accept all subdomains of Microsoft.com 
domain). 

Next, select Authoritative Domain, which 
indicates that your server is responsible for 
mailboxes in that domain, and click New to 
create the new accepted domain. You can 
repeat this procedure for any domain that 
you want to accept messages for, but make 
sure that you configure MX records for these 
domains to point to your mail server. 

Now you need to configure the Receive 
connector. The Hub Transport server has 



Figure 4: Setting content-filtering properties on the Hub Transport server 
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_DAY 54: This gap between LOB and IT is getting out of 
hand. Our business processes are rigid and inflexible. 
We can’t react to changes in the business environment. 
We’ve got to find a way to bridge the chasm. 

_Gil’s gonna jump it. I think he needs a bigger engine. 

_DAY 55: I’m closing the gap with a Smart SOA™ approach 
from IBM. They offer a full range of hardware, software 
and services to speed alignment of LOB and IT. They’ve 
proven themselves in over 6,550 SOA engagements of all 
sizes. Now we have the agility to respond to change. 

_Gil says from now on, he’s not jumping metaphors. 




Watch the Smart SOA demo at: 

IBM.COM/TAKEBACKCONTROL/SOA 


WebSphere 


IBM, the IBM logo, ibm.com, Smart SOA, WebSphere and Take Back Control are trademarks or registered trademarks of International Business Machines Corporation in the United States, other 
countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or 
common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM 
trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. ©2008 IBM Corporation. All rights reserved. 














■DEPLOY EXCHANGE 2007 ON ONE SERVER 


Learning Path 

Learn more about Exchange 2007 

server roles: 

"Configuring Exchange Server 2007," InstantDoc ID 
96044 

"Exchange Server 2007 New Features," InstantDoc 
I D 94501 

"Exchange 2007 Server Roles and You," InstantDoc 
I D 53882 

"What are the Microsoft Exchange Server 2007 server 
roles?" InstantDoc I D 93951 

Learn more about Exchange Server 

security: 

"Securing Exchange Server 2007 Services with ISA 
Server 2006," InstantDoc I D 96957 

"Securing Microsoft Exchange Server 2007," InstantDoc 
ID 97079 


two default receive connectors, but both 
connectors require authentication. Because 
you want your Hub Transport server to 
accept messages directly from the Internet 
(not from the Edge Transport server), you'll 
need to allow an anonymous connection. To 
do so, open the Server Configuration node, 
click Hub Transport, and in the middle 
pane right-click the Default ServerName 
connector and select Properties. Open the 
Permission Groups tab and click the Anony¬ 
mous users checkbox. Leave the other check 
boxes as is. Click OK when you're done. 

Note that there's one more Receive con¬ 
nector, the Client ServerName connector. 
That connector is configured to work on 
port 587 and is intended to be used by POP3 
and IMAP4 clients for sending messages 
with TLS authentication. You can easily 
change this port number by editing the con¬ 
nector's properties. Don't allow anonymous 
connections on this connector. 

Enable Antispam Functionality on 
Hub Transport 

Since you aren't using an Edge Transport 
server, you have to implement antispam pro¬ 
tection on the Hub Transport server role. By 
default, antispam functionality isn't installed 
on the Hub Transport server; you'll need to 
use EMS commands to install it. To do so, 
open EMS, navigate to the folder in which 
you've installed Exchange Server (the default 
path is C:\Program Files\Microsoft\Exchange 
Server), then navigate to the Scripts subfolder. 
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Now enter the following command: 

Instal1-AntispamAgents.psl 

This command adds antispam functionality 
to the Hub Transport server. Close EMC and 
reopen it, open the Organization Configura¬ 
tion node, and click Hub Transport, and 
you'll notice a new Anti-spam tab. Click 
that tab, and you'll see various features for 
anti-spam functionality, as Figure 3 page 
64, shows. 

The first capability you should configure 
here is content filtering. Open the Con¬ 
tent Filtering Properties page and click the 
Action tab. Here's where you'll configure 
actions for messages after they're assigned 
a spam confidence level (SCL) value. Three 
actions are available: delete, reject, and 
quarantine. I suggest your initial configura¬ 
tion be to delete messages with an SCL of 9, 
reject messages with an SCL of 8, and quar¬ 
antine messages with an SCL of 7. In this 
configuration, messages with an SCL of less 
than 7 will be delivered to user's mailbox, 
as Figure 4, page 64, shows. Since Exchange 
2007's built-in spam filter is intelligent and 


learns over time, after a while you'll prob¬ 
ably want to change those actions to values 
that better fit your needs. 

On this page, you'll also need to con¬ 
figure a spam mailbox—the mailbox that 
will hold all quarantined messages. It's a 
good idea to create a mailbox solely for this 
purpose. The administrator should check 
this mailbox periodically and search for false 
positives—that is, quarantined messages 
that should be delivered to users. 

Other options on Anti-spam tab let you 
configure IP allow and IP block lists, if you 
want to explicitly allow or block certain IP 
addresses from communicating with your 
mail server. You can also configure Exchange 
to receive allow and block lists from external 
service providers. Additionally, you can 
configure recipient and sender filtering and 
Sender ID and sender reputation options. 
Recipient filtering and sender filtering let 
you block a specific recipient or sender 

We're in IT with You 


from receiving or sending messages. Sender 
ID seeks to verify that every email message 
originates from the Internet domain from 
which it claims to have been sent. This is 
accomplished by checking the address of 
the server sending the email against a reg¬ 
istered list of servers that the domain owner 
has authorized to send mail. Sender reputa¬ 
tion is an antispam functionality designed to 
block messages according to many sender 
characteristics. Sender reputation relies on 
persisted data about the sender to deter¬ 
mine what action, if any, Exchange should 
take on an inbound message. 

Ready for Email 

Once you've verified that AD is working 
correctly and all Exchange services are 
functional, you're ready to start using your 
Exchange 2007 server to send and receive 
email. As you've seen, installing Exchange 
2007 on a single server is feasible if you 
know what steps to perform and are aware 
of the configuration differences in this 
setup as compared with a more typical 
multiserver Exchange 2007 environment. 


Although a single-server Exchange 2007 
solution can be cost-effective and fully 
functional, the biggest concern about 
this type of setup is security, since certain 
resources, most notably the Mailbox role, 
are exposed to the Internet. If you're going 
to set up a single-server Exchange solution, 
I also recommend that you implement 
more than one hard disk in your Exchange 
server as well as configure local continuous 
replication for high availability. ^ 

InstantDoc ID 99392 


Damir Dizdarevic 

(ddamir@loqosoft.ba) , manager 
of the Learning Center at Logosoft 
in Sarajevo, Bosnia, has published 
more than 350 articles. He's an 
MVP for Windows Server Infra¬ 
structure Management, and an 
MCSE, MCTS, MCITP, and MCT. 

He specializes in Windows Server 
security. 


"Since you aren't using an Edge Transport 
server, you have to implement antispam 
protection on the Hub Transport role." 
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Custom Document Management 

I'm often asked, "How can I hook my existing applications into SharePoint 
to leverage SharePoint's collaboration features?" One of our applications is a 
custom Microsoft .NET application that—put simply—generates specifications 
about venues so that engineering and production staff know what types of situations 
they'll be dealing with. One of the outputs of the application is a PDF file about the venue. In 
this Games, the application was modified so that instead of storing the PDFs in a traditional file share, 
the PDFs are saved to a SharePoint document library. 

You have several options for saving PDFs to a document library. The most complex and rich method 
is to use code (or a third-party tool) to generate the PDF on the SharePoint server, then develop custom 
code using the SharePoint object model to manage document metadata (columns) and manipulate the 
document library. But there are easier methods. You can email-enable a document library so that email 
messages with an attached document can be sent to the library, and the library will receive that message 
and automatically store the document—and, optionally, the message as well. This is one of the easiest 
ways to extend existing applications: just have the applications email the document to the address of the 
library. Note that this method effectively populates the document library, but you would need a workflow 
or other programmatic or manual method to configure document metadata. 

You can also use Web Distributed Authoring and Versioning (WebDAV) to interact with SharePoint 
document libraries. Our custom application saves its PDFs to the document library using the URL of the 
library. WebDAV lets you use standard Windows methods to retrieve documents from a library—you can 
even map a drive to a document library. Therefore, we also used WebDAV to implement simple document 
library replication. The PDFs generated by the custom application need to be available on servers in both 


These four 
real-world 
applications 
will inspire your 
own business 
solutions 

by Dan Holme 


I 'm honored to work with some of the greatest IT teams on the 
planet, including the awe-inspiring folks at NBC Olympics, who 
play a pivotal role in bringing the Olympic Games to the air 
and to the Internet every two years or so. This summer, in 
Beijing, we're making more use of SharePoint than ever 
before, and I want to share with you four of the tasks we've 
conquered by using SharePoint. I'll explain how to tie existing 
applications into SharePoint; replicate documents between docu¬ 
ment libraries; create intelligent, form-based applications; and 
develop multiuser applications that provide rich client and Web- 
based interfaces. I hope to give you insight into real-world uses of 
SharePoint, teach you what we've learned along the way, and inspire 
you to use SharePoint to provide new types of business solutions. 
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Beijing and New York. We needed a low- 
overhead way to get documents from Beijing, 
where the documents are generated, to New 
York, where they are available in a read-only 
library. We opted to use a scheduled task to 
launch Robocopy to mirror the contents of the 
document library in Beijing to the document 
library in New York. 

When you use WebDAV to interact with 
a document library, you lose metadata 
richness. So, for example, we can't mirror 
metadata about a document in Beijing to 
New York. But metadata replication wasn't 
a requirement, so by focusing on the core 
requirement, we found a solution that the 
team liked and that took less than an hour 
to implement. If our requirements were any 
deeper, we would have needed a third-party 
content replication application. 

Help Desk Application 

The site templates available out of the box 
with SharePoint are generic at best. If you 
need a SharePoint application that sup¬ 
ports a specific business task, function, or 
department, you're out of luck. Out of luck, 
that is, unless you turn to the Fabulous Forty 
application templates that Microsoft has 
developed. Application templates provide 
a lot of cool, out-of-the-box functionality 
through custom lists, libraries, workflows, 
content types, and Web parts. The Fabulous 
Forty includes templates for dozens of sce¬ 
narios, including a Help Desk template that 
we'll be customizing to support the Help 
desk for NBC during the Games. You can 
download the templates at www.microsoft 
. com/downloads/info. aspx?na=22&p=l 
&SrcDisplayLang=en&SrcCategoryId=& 
SrcFamilyId=&u=%2fdownloads%2fdetails 
.aspx%3fFamilyID%3d5807b5ef-57al-47cb- 
8666-78c1363f 127 d%26DisplayLang%3den. 

In Beijing, we need an application to 
support the Help desk, which exists for about 
four weeks and is crucial to operations. But 
the limited lifetime of the application means 
that we need an inexpensive, easy-to-use- 
and-maintain solution. We used the Windows 
SharePoint Services (WSS) 2.0 Help Desk 
application template in Torino, and we'll be 
making even more use of the WSS 3.0 version 
in Beijing. 

The template provides a ticketing system 
that lets our Help desk staff enter tickets, 
update and track issues, and assign tickets 
and tasks, which is important because a 
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ticket might cross from one shift to another. 
The template also lets our Help desk man¬ 
ager monitor progress on tickets and pull 
reports. I'll be monitoring the template to 
look for common concerns that we can 
address with training or through configura¬ 
tion changes to clients and applications. 

Because you can extend these templates, 
we'll add a Calendar list to incorporate our 
Help desk staff scheduling so that we always 
know who is on duty and which escalation 
points are on call. We'll use a Contacts list to 
store the contact information, and we'll have a 
mobile access page for that list so that we can 
get to contact information using a PDA from 
anywhere on our network. 

Content Delivery 

If you've paid any attention to the prepara¬ 
tions for the broadcast of this Olympics, 
you'll know that a huge amount of content 
will be made available over the Web and to 
your mobile devices. For the first time, you'll 
be able to watch events from any device and 
be able to see events and competitors you've 
never had the chance to see before. In Salt 
Lake City and then Torino, where NBC 
expanded its coverage to a broad range of 
broadcast and cable channels, the sport of 
curling caught fire. I'm excited to see which 
sports, countries, and athletes capture our 
imagination this summer! 

To get all that content to the right media 
outlets, a dedicated video distribution appli¬ 
cation takes video packages and delivers or 
streams them. A large amount of metadata 
accompanies each package—metadata that 
varies per outlet. For example, the "Title" 
field can be long on Amazon.com, but must 
be short for mobile Multimedia Messaging 
Service (MMS) delivery. 

Additionally, editors must be assigned to 
create the packages. To make it possible for 
mere mortals to enter all this data, preferably 
before the Games begin, we need a user- 
friendly interface that exposes just the right 
data, performs data validation, ensures that 
required fields are completed, then trans¬ 
forms all this information into the XML file 
required by thevideo distribution application. 
Once again, SharePoint came to the rescue. 

We built the UI—the form—by using 
InfoPath 2007, which allows us to embed 
the business logic into the form so that 
when an editor works on metadata for a 
specific package, the only fields that appear 
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are those needed by the appropriate outlets. 
The form also makes sure the data complies 
with the datatype and content requirements 
of the video distribution application. 

So that we don't have to deploy the 
InfoPath client on our systems, we're using 
InfoPath Forms Services, a feature of Micro¬ 
soft Office SharePoint Server (MOSS) 2007 
Enterprise Edition, to render the forms in 
users' browsers. When a form is saved, the 
data is stored in a SharePoint list, and a 
custom application page uses a workflow 
to publish the data to the XML format that 
the video distribution application requires. 
This application is the most heavily coded 
application of the four SharePoint solutions 
I'm describing in this article, and even this 
application took two smart folks from Net- 
Fusion, a Microsoft Gold Partner, less than 
two weeks to create. It would have taken 
months without the functionality that Info¬ 
Path and MOSS provided. 

I'll create custom views of the SharePoint 
list, add alerts, and create Microsoft Excel 
reports linked to data in the list. These tools 
will allow editors, producers, and manage¬ 
ment to perform their responsibilities related 
to the process. So if you watch any of the 
Games on a device other than a television, 
know that SharePoint helped it get to you. 

Transportation Management 

Speaking of applications that could have 
taken months to create, let's talk about the 
transportation management application we 
developed in just a few days, without ever 
opening Visual Studio. NBC's thousands 
of employees, contractors, and vendors 
need to travel all over Beijing. And you'll 
know when watching the Games what a 
masterful feat it is to move team members 
from point A to point B. The transportation 
group consists of a handful of talented folks 
who must coordinate hundreds of rides 
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every day for more than three months and 
oversee as many as 200 vehicles and drivers. 
We had to provide a way to make it all easier 
to manage. 

The transportation management appli¬ 
cation needed to allow any transportation 
team member to enter information about a 
ride request, assign a vehicle and driver (a 
“transfer”) to fulfill the request, and enable 
monitoring and reporting of the transporta¬ 
tion group's activities. In previous Games, all 
ride requests were submitted by phone. This 
time, we wanted to let users submit requests 
online. Because SharePoint can use alerts 
and workflows to notify users when data 
changes, I wanted the application to notify a 
user when his or her ride request had been 
assigned a transfer, so that the user would 
know which vehicle to look for, when the 
ride would depart, and who else was going 
on the same ride. 

The challenge with this application 
began with the data tables. To properly 
support the application, we needed tables 
with vehicle information, ride requests, and 
locations. The transportation team needed 
to be able to easily pull up information 
such as addresses, maps, and even photos 
of buildings. SharePoint isn't built to cre¬ 
ate or support relational databases out of 
the box. However, with Microsoft Access 
as a client, you can create an application 
that provides, through queries, the ability 
to relate data in various lists and delivers a 
rich, form-based interaction with that data. 
Traditional Access applications had data 
in tables within the database (.mdb) itself. 
Many IT pros have learned that you can gain 
a lot by putting the data on SQL Server or, 
now, a SharePoint server instead, and use 
Access only as the front-end application. 

There are several ways to build Access 
applications that are front ends to Share- 
Point lists. You can build an Access database 
and use the migration wizard in Access 2007 
to move tables to a SharePoint site as lists. 
Or you can create the lists in SharePoint and 
pull them into an Access database appli¬ 
cation as linked tables. I chose the latter 
method. 

Access then lets you create queries and 
rich forms; any additional functionality you 
need becomes an Access programming task 
rather than a SharePoint programming task. 
For example, I wanted to give the transporta¬ 
tion team a way to identify which of the 200 


vehicles were available at a specific place and 
time to fulfill a ride request. This required a 
fairly sophisticated SQL query, which I built 
in Access with help I found via my favorite 
Internet search engine. I also wanted fields 
to autopopulate data to reduce data entry for 
users and transportation managers. I accom¬ 
plished this with simple Visual Basic for 
Applications (VBA) code behind the Access 
forms. In less than three days, I had a rich 
application that will support our complex 
transportation management needs. 

But I also wanted to provide some of the 
“nice to have" functionality for this applica¬ 
tion. First on my list was a Web form for 
users to submit ride requests. This was easy 
thanks to SharePoint Designer. I created a 
new Web form, dragged my SharePoint list 
onto the form to create the data connection, 
then modified the Insert template, which is 
the form rendered by the server when a user 
creates a new record. Within an hour, I had 
the form I wanted. 

The next step was to create alerts for 
users. I created a custom view of the ride 
request list, called My Rides, which filters 
the list to look for items for which the Cre¬ 
ated By field was equal to [Me], a special 
token in SharePoint that translates to the 
current user. So when I go to the list, I see 
only my rides, and when another user goes 
to the list, she sees only hers. 

One of the lesser-known features of Share- 
Point alerts is that when you create a cus¬ 
tom view, you can generate alerts, based on 
changes to data, that appear in that view. So 
your view can be a filter for your alerts. This 
feature isn't well known because the option 
for creating a view-based alert appears only 
after you create a custom view, so you might 
not have ever noticed that option. After I cre¬ 
ated the My Rides view, I assigned the view to 
all users. Now, when anything changes about 
a ride for a user, the user will receive an alert 
with the appropriate information. We'll be 
testing the alert-based notification for a few 
weeks. If it doesn't meet our needs, I'll use 
SharePoint Designer to create a custom work- 
flow to achieve the same email notification. 

I learned some important lessons from 
building this application. Because SharePoint 
doesn't support relational data very well, I 
needed to denormalize some data points. 
That is, I have some redundant information 
across tables. For example, when a user's ride 
request is fulfilled as a transfer, the vehicle 


number is entered into the transfer table and 
into the ride request table. Code within the 
Access form enters the data automatically, but 
it's redundant. That was necessary to give the 
correct experience and information when a 
user visits the site online or receives an email 
notification. SharePoint has lookup fields, but 
working with them can be difficult (e.g., there 
are places where doing searches, sorts, and 
queries based on their content isn't so easy). 
So, I cut my development time significantly 
by entering information into two fields—a 
lookup field, which lets users jump to related 
items via a link when visiting the application 
online, and a normal text field, which is easier 
to manipulate programmatically and to gen¬ 
erate views and queries. 

Using Access as a front end to a Share- 
Point application isn't the right solution for 
every challenge, but since we had a limited 
number of internal transportation manag¬ 
ers who need to interact with the data in 
a rich way, we can deploy Access to their 
systems. All other users will be interacting 
with the ride request form and with the ride 
list online, and with email notifications. We 
could have created part of the solution using 
SharePoint Designer and its powerful Data 
View Web part, or we could have opened 
Visual Studio. But we met our requirements 
with an easy solution within which the only 
custom code is related to automating the 
process and reducing data entry. 

On to the Games 

These four applications demonstrate some 
interesting uses of SharePoint to solve prob¬ 
lems. I'm writing this article a few months 
before the Games, and by the time you read 
this, we'll be running full speed toward the 
Opening Ceremony on August 8. We'll have 
learned even more by then, and you can 
learn about these applications at my blog, 
share.intelliem.com/cs/blogs/danholme. 
-—- ^ 

InstantDoc ID 99504 


Dan Holme 

(danh@intelliem.com) is director 
of consulting at Intelliem, which 
delivers solutions-focused training 
and consulting services support¬ 
ing enterprise SharePoint, Office, 
Windows, and Active Directory 
implementations. He's also the 
community leader of www 
.officesharepointpro.com. 
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Introducing an integrated approach to complete 
SharePoint protection and management 
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Changing the way Administrators manage SharePoint 



Backup & Recovery 


Administration & Replication 
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Migration to SharePoint 


FREE 30 DAY TRIAL 
Download at 
www.avepoint.com 


SharePoint management made simple. 

Now you can control and manage the back-end of 
all your SharePoint environments from one place. 
DocAve is the only truly integrated, easy-to-use 
software that offers a complete set of SharePoint 
backup, recovery, and administration tools. One 
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now gives you power like never before. 


Complete SharePoint protection. 

With item-level backup and full-fidelity restore, 
DocAve allows for fast recovery of business critical 
documents and content. Complete SharePoint 
platform backup allows for quick and painless 
recovery of the entire system during a disaster. 
With DocAve, you’ll have complete confidence 
in your SharePoint environment. 



AvePoint 


Call 1-800-661-6588 or visit wwwJVyePoint.com for 
more information or to download a free trial. 
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READER: 

Ashok Bhatla 
Systems programmer 

PRODUCT: 

ASP.NET Version Switcher 

COMPANY: 

Denis Bauer 

CONTACT: 

www.denisbauer.com 


ASP.NET Version Switcher 

Why pay for something when a free tool 
will do the job? Systems Programmer 
Ashok Batla was looking for a way to 
change the .NET Framework version 
when ASPX pages are compiled. After 
a bit of searching the Web, Bhatla 
came across 
ASP.NET 
Version 
Switcher, a 
freeware utility 
created by Denis 
Bauer. 

"We [began 
using] a new 
platform for our 
Web sites. All of 
our applications 
were using dif¬ 
ferent versions 

of the .NET Framework," says Bhatla. 

"In IIS 5.0, we could switch the version 
of the .NET Framework by using the IIS 
admin tool. After we moved to IIS 6.0 on 
a 64-bit OS, we had many versions of the 
.NET Framework, and different Web sites 
needed different versions to run—and IIS 
6.0 wouldn't let us switch the .NET Frame¬ 
work version. ASP.NET Version Switcher 
solved that issue for us. It worked like a 
charm, and it was super easy to install and 
use." 

Bhatla says that Denis Bauer has devel¬ 
oped many useful tools for .NET develop¬ 
ers, and he hopes to see Bauer develop 
even more useful utilities. "Denis Bauer's 
ASP.NET Version Switcher was an excellent 
freeware utility that solved a problem for 



"This tool was 
an immense 
help when 
we moved over to 
64-bit [hardware]. 
There are couple of 
other tools/utilities 
from Denis Bauer, 
and they're all an 
immense help for 
.NET applications." 

us," says Bhatla. "Installation was very easy, 
and we haven't had any issues with the 
product." 


Have you discovered a great product that saves you time and money? Do you use 
something you wouldn't wish on anyone? Tell the world in a review right 
here in What's Hot: Readers Review Hot Products. If we publish your opinion, 
we'll send you a Best Buy gift card and a free VIP subscription to Windows IT 
Pro! Send information about a product you use and whether it helps you or 
hinders you to whatshot@windowsitpro.com. 
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WHAT’S NOT 
Say Goodbye to Windows XP 

Despite being faced with sluggish 
Windows Vista sales and an overly 
hostile reception from critics, Micro¬ 
soft has finally driven the stake 
through the heart of Windows XP.The 
IT sector has weathered the recent 
economic downturn fairly well, but 
cash-strapped IT managers are loath 
to abandon Windows XP—a proven 
and reliable OS—for a new one that 
likely requires an expensive hardware 
refresh. Everyone knows that we can't 
run on XP forever, but is pulling the 
plug on XP now the best strategy? 

The Retirement of Bill Gates 

Bill Gates has finally left the company 
he helped co-found more than three 
decades ago. While some would 
argue that his legacy will be a mixed 
one, Microsoft clearly won't be the 
same without him. Critics may point 
to ruthless Microsoft business prac¬ 
tices and a no-holds-barred competi¬ 
tive streak, but those complaints pale 
in comparison to the transformative 
role that Gates has played not just 
in the IT industry, but in the world 
at large. 

Virtualization Confusion 

Finally, everyone knows that server 
virtualization has great cost and 
power-saving benefits. Beyond that, 
the marketing departments at all vir¬ 
tualization vendors should be taken 
to the woodshed for their failure to 
agree on common virtualization ter¬ 
minology. Case in point: Ask VMware, 
Intel, and Microsoft what desktop 
virtualization means, and you'll get 
three different answers. Ford, GM, 
and Toyota all agree on what a car is. 
Shouldn't virtualization vendors do 
the same with desktop virtualization? 

Care to suggest any other things that 
are driving you (and your IT depart¬ 
ment) nuts lately? Drop me an email 
atjjames@windowsitpro.com and 
vent away. 


www.windowsitpro.com 
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Welcome to KACE Time. 
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KACE and KBOX are trademarks of Kace Networks Inc. All other registered trademarks are owned by their respective companies. 
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Website Builder 

18 Pages 
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Marketing Center 
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Premium Software Suite 
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Search Engine Submission 
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90-Day Money Back Guarantee 
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Support 
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■ WHAT’S HOT 


Kerio Mail Server 6 

Despite the dominance of Microsoft Exchange Server in the 
enterprise, many people prefer to look for an alternative. There are 
several reasons why someone might snub Exchange: Perhaps it 
was too complex, or too expensive, or didn't have the specific fea¬ 
ture set needed. Such was the case with Akis Fotakelis, a systems 
administrator (and Windows IT Pro contributor) who needed an 
Exchange alternative. 

"Back in 2003,1 was looking for a solution to replace our 

Solaris mail server with 
one running on Windows 
that would also integrate 
with AD,"says Fotakelis. "I 
excluded Exchange due 
to its complicated nature, 
and a colleague suggested 
Kerio Mail Server (KMS). 

I tested KMS against two 
other solutions, and KMS 
prevailed." 

Fotakelis says that KMS 
was easier to use, less 
expensive, and provided 
more functionality than 
other products he exam¬ 
ined, and it provided the 
integration with Active 
Directory (AD) that he 
needed. "[KMS integrates] 
with AD when I need it, but 
it also lets me create users 
and mailboxes without 
having to associate them 
with a domain account," 
says Fotakelis. KMS was also 
considerably less expensive 
than other solutions he considered, and that was clearly a big 
factor in his purchase decision. "The price was a real bargain. Not 


"The only 
problems I 
faced were a 
result of human 
configuration 
errors, [but 
Kerio's] 
awesome 
error and 
event logging 
options helped 
us solve those 
problems 
easily." 



P 


only could I install it on a worksta¬ 
tion—saving the license for a Win¬ 
dows server—but I saved money 
from buying separate programs 
for antispam, antivirus, backup, 
archiving, monitoring, and mailing 
list management." 

The lack of cluster support is 
one negative that Fotakelis points 
to, and he also ran into a few 
other minor issues with the product."! encountered two problems 
with Kerio. The first one was due to a domain security policy that 
we tightened and KMS stopped working—but thanks to [the KMS] 
error log file I easily found the solution in minutes," says Fotakelis. 
"In another case we forgot the admin's password, and the proce¬ 
dure that Kerio mentions on its site to reset it did not work. [We 
solved that] by restoring the settings file and restarting the KMS 
service." 


READER: 

Akis Fotakelis 
Systems administrator; 
Windows IT Pro 
contributor 

PRODUCT: 

Kerio MailServer 6 

COMPANY: 

Kerio Technologies 

CONTACT: 

www.kerio.com 
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■ WHAT’S HOT 


"SQLconfig worked on our three-tier 
architecture [and offered] easy 
integration with MOM and NetlQ 
AppManager. It worked with our 
monitoring system also. It's a cool 
product if you have lots of SQL servers 
and databases to migrate" 


SQLconfig 

Database migration can be a stressful time for DBAs 
and IT pros, as it was for Systems Programmer Ashok 
Bhatla when he found himself working on a migration 
project. "We were migrating approximately 200 data¬ 
bases from standalone SQL instances to a four-node 
active/passive cluster [running on the 64-bit version] 

of SQL Server 
2005," says Bhatla. 

"As part of this 
migration, we had 
to keep track of all 
the changes to the 
databases, because the data¬ 
bases were for critical financial 
applications which were within 
the scope of the Sarbanes-Oxley 
auditing process." 

Bhatla said that the project 
involved more than 65 applica¬ 
tions and a host of engineering 
and IT personnel. When Bhatla 
looked for an enterprise SQL Server configuration management 


product to help simplify the task, he came across SQLconfig from 
Idera. 

"It worked on our three-tier architecture [and offered] easy 
integration with Microsoft Operations Manager (MOM) and NetlQ 
AppManager. As we were using MOM for our server monitoring, 
[SQLconfig] worked with our monitoring system also." Bhatla is 
planning to standardize on SQLconfig for auditing all platforms. 

"It's a cool product if you have lots of SQL Server systems and 
databases to migrate." ^ 

InstantDoc ID 99572 
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■CTRL+ALT+DEL 

by Jason Bovberg 



OK 


I'll do my best 



You should give my network a try! 


Our readers chime 
in on the phobias 
that keep them up 
at night. (Thanks to 
Curt Spanburgh,Tim 
Wiser, Tim Bolton, 

Mark M. Webster, and 
Brian Walker!) 

1. Fear of silence in the server room 

2. Fear of your manager asking, "Do we really 
need DNS?" 

3. Fear of power outages or other disasters while 
you're on vacation (with only a modem connection) 

4. Fear of fellow administrators touching your 
servers without your supervision 

5. Fear that the server running your monitoring 
software is down (or worse, fear that the mail 
server is down, and the monitoring server is 
trying to send you an email warning) 

6. Fear of the "Phantom Vibration"—when you 
think your cell phone is vibrating but it isn't 

7. Fear of clicking sounds 

8. Fear of the "Of course we use DCs to surf the 

Web; so what?" mindset 



Our 5 Favorite Tech IPitasfe 


i 


ExtremeTech 

www.extremetedi.com 


In theTrenches 
kevindevin.com 


IT Conversations 
itc.conversationsnetwork.org 


2 DiggNation 


revision3.com/diggnation 


This Week in Tech 

(TWiT) 

twit.tv 


if 


9. Fear of dropping your cell 
phone into the toilet at the 
airport 

10. Fear of retrieving your cell 
phone from the toilet at the 
airport 



Number of articles Paul Thurrott has written for the 
Windows IT Pro family of publications 


August 2008 issue no. 168, Windows IT Pro (ISSN 1552-3136) is published monthly. Copyright 2008, Penton Media, Inc., all rights 
reserved. Subscriptions in US, $54.95 for one year; in Canada, $59 US currency, plus GST for one year; in all other countries, US 
$99. Windows is a trademark or registered trademark of Microsoft Corporation in the United States and/or other countries, 
and Windows IT Pro is used under license from owner. Windows IT Pro is an independent publication not affiliated with Micro¬ 
soft Corporation. Microsoft Corporation is not responsible in anyway for the editorial policy or other contents of the publication. 
Windows IT Pro, 221 E. 29th St., Loveland, CO 80538, (800) 793-5697 or (970) 203-2782. Sales and Marketing Offices: 221 E. 29th 
St., Loveland, CO 80538. Advertising rates furnished upon request. Periodicals Class postage paid at Loveland, Colorado, and 
additional mailing offices. POSTMASTER: Send address changes to Windows IT Pro, 221E. 29th St., Loveland, CO 80539-0447. 
SUBSCRIBERS: Send all inquiries, payments, and address changes to Windows IT Pro, Circulation Department, 221 E. 29th St., 
Loveland, CO 80539. Printed in the USA. BPA Worldwide Member. 


SEND US YOUR INDUSTRY HUMOR! 

Email your industry humor, scandalous 
rumors, funny screenshots, favorite 
end-user moments, and IT-related pics 
t o rumors@windowsitpro.com. If we use 
your submission, you'll receive a 
Ctrl+Alt+Del coffee mug. 
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UPTIME COMES STANDARD. 

Xeon* 

inside™ 


Powerful. 


Efficient. 


!BM Syste m x3550 Express 
$2,205 


OR $56/MONTH FOR 36 MONTHS 1 


RUN YOUR CRITICAL APPLICATIONS WITH CONFIDENCE. 


IBM System x3550™ Express. It’s designed to stay up and 
running and help reduce system downtime. In fact, it can 
even identify a potential problem before it becomes one. 
And if you ever have to replace a component, you can do 
that without having to shut down. Just one more way the 
x3550 Express keeps downtime down. 

From the people and Business Partners of IBM. 

It’s innovation made easy. 


PN: 7978EJU_ 

Featuring up to two Quad-Core Intel® Xeon® Processors E5430 2.66GHz 
Hot-swap redundant cooling for high availability 
Includes IBM Director and PowerExecutive to help manage power 
consumption, increase uptime, reduce costs and improve productivity 
3-year on-site limited warranty 2 on parts and labor 



IBM SYSTEM STORAGE™ 
DS3400 EXPRESS KIT 

$13,793 

OR $352/MONTH FOR 36 MONTHS 1 


PN: 1726-42U 



IBM TIVOLI® CONTINUOUS DATA PROTECTION FOR FILES 

$42 per user 

PN: D613ALL 


All-in-one kit makes it easier to migrate from your DAS network to SAN Save and recovery technology enables file recovery to any point in time _ 

Includes IBM System Storage DS3400 Dual Controller, four IBM Emulex 42C2069 Continuous Data Protection (CDP) protects your data from the aftermath of a virus 
4Gb/s PCI Express HBAs, Brocade SAN 8 Port Fibre Channel switch (16 total attack or user error 

ports), twelve 4Gb/s SFPs, and eight 5-meter optical LC cables _ Up to 3 backup/replication areas help protect against corruption, file loss or 

Emulex EZ Pilot™ installation/management software included system loss 


COMPLIMENTARY SYSTEMS ADVISOR TOOL 

= = == express 

Want to find the right server or storage system for you? 

. advantage™ 

Our Systems Advisor Tool can help. Just give the tool a little 


input, and it will identify products that can help meet your 

ibm.com/systems/uptime 

business needs. Get started now at ibm.com/systems/uptime 

1 866-872-3902 (mention 6N8AH04A) 


1. IBM Global Financing offerings are provided through IBM Credit LLC in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and government customers. Monthly payments provided are for planning purposes 
only and may vary based on your credit and other factors. Lease offer provided is based on an FMV lease of 36 monthly payments. Other restrictions may apply. Rates and offerings are subject to change, extension or withdrawal without notice. 

2. IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply. For a copy of applicable product warranties, visit ibm.com/servers/support/machine_warranties or write to: Warranty 
Information, P.O. Box 12195, RTP, NC 27709, Attn: Dept. JDJA/B203. IBM makes no representation or warranty regarding third-party products or services, including those designated as ServerProven® or ClusterProven® Telephone support may be subject 
to additional charges. For on-site labor, IBM will attempt to diagnose and resolve the problem remotely before sending a technician. On-site warranty is available only for selected components. Optional same-day service response is available [on select 
systems] at an additional charge. IBM, the IBM logo, IBM Express Advantage, System x and System Storage are trademarks of International Business Machines Corporation in the United States and/or other countries. For a complete list of IBM Trademarks, 
see ibm.com/legal/copytrade.shtml. Intel, the Intel logo, Xeon and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and other countries. All other products may be trademarks or registered trademarks of their respective 
companies. All prices and savings estimates are based upon IBM’s estimated retail selling prices as of 03/24/2008. Prices and actual savings may vary according to configuration. Resellers set their own prices, so reseller prices and actual savings to end 
users may vary. Products are subject to availability. This document was developed for offerings in the United States. IBM may not offer the products, features, or services discussed in this document in other countries. Prices are subject to change without 
notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or IBM Business Partner for the most current pricing in your geographic area. © 2008 IBM Corporation. All rights reserved. 
























) N 


3 


n 


d 


/ \ 


y_ 


\ 


n\ L 




r 




IS / 


5 


£3^ 




-r 












7TT 

— 




J 



J k 


n 


53 . 




IX 


y~\ 


3X. 


\T 


i\\. 


ml 




\ . 


I 


J 


a_ 


Clear the clutter 
with the FREE File Insight 
utility download at 


www.brocade.com/ 

cleartheclutter 




FEEL LIKE YOU’RE STORING EVERYTHING AND MANAGING NOTHING? 
BROCADE FILE SOLUTIONS FOR WINDOWS FILE ADMINISTRATORS CAN HELP. 


With Brocade File Solutions for Windows File Administrators, you can automatically migrate files 
to the optimum types of media based on your rules. Stop spending late nights and weekends 
manually migrating file data and start providing your users with access to the data they need. 
Clear the clutter with the FREE File Insight utility download at www.brocade.com/cleartheclutter 


BROCADE 


© 2008 Brocade Communications Systems, Inc. All rights reserved. Brocade is a registered trademark, and the B-wing symbol is a trademark of 
Brocade Communications Systems, Inc. 




















































































































































































































































































































